Using Matomo API with WordPress through PHP

Normally when you set up something like Google Analytics, Matomo or other tracking solutions, the normal implementation is to set them up using jQuery tracking. That is, the user browses to your page, downloads and runs the tracking code and the user's browser calls up Matomo or Google Analytics to report that it's been to the page. There's a few problems with this solution. For one thing many browsers can recognize tracking code and simply refuse to run it, this means that many of your customers won't show up in your analytics. This wouldn't be as much of a problem if it was a random section of people, but usually people running an ad-blocker are normally also the subsection of people that are technically inclined, that means that if you're advertising to a technical audience, you're going to find that many of your best customers won't be showing up in your tracking. There are some other reasons why jQuery based tracking is a problem, including the fact that many speed testing sites will get hung up on the tracking code and give you a lower score. Since this affects your ranking, it can cause problems down the line. That being said, this is a double edged sword, PHP is single threaded and if your analytics server is slow it will hurt your ranking the same way as if your user's browser was doing it.

There are other possible issues as well, unless you make an effort to include them then your user's data will be stripped out as well. This may not be a huge problem as it's often misleading or pointless. For example we've seen several machines with 2000x2000 monitors on our analytics and we don't need to think hard to realize that those are almost certainly automated bots. Once you've refined a decent method of filtering out bots from being picked up, it's probably worth wrapping your conversion code in your form submissions with the same wrapper to make sure that Google's ads correctly ingore even those bot submissions that have Javascript enabled. I've seen ads start targeting spammers specifically, so if your forms don't have a payment built in before the conversion tracker then it's a really good idea to have filtering set up.

On to the code. You can pretty much copy paste this into your header, as long as you make sure that you're wrapping it with <?php ?> tags. Credit where It's due I got the hex loop from stackoverflow at "" and the code for getting the user ip from "". The curl command I tested with "Insomnia" which has a handy export to PHP feature once you've confirmed the commands work. If you're looking for the Matomo documentation for this functionality it's at "". I've substituted stuff like my tokens with variables so you can place your own.

$hex = '';

for( $i=0; $i<16; $i++ ) {

$hex .= chr( rand( 65, 90 ) );



function get_the_user_ip() {

if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {

//check ip from share internet


} elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {

//to check ip is pass from proxy


} else {



return $ip;



$curl = curl_init();


$matomoAddress = "";

$token = "";


curl_setopt_array($curl, [

CURLOPT_URL => $matomoAddress."?idsite=1&rec=1&action_name=browse&url=".home_url( $wp->request )."&_id=".$hex."&rand=".$hex."&apiv=1&token_auth=".$token."&cip=".get_the_user_ip(),








CURLOPT_COOKIE => "MATOMO_SESSID=usrjagarfkgbq1ee3kjm4d8tva",



$response = curl_exec($curl);

$err = curl_error($curl);




Of course there are several ways that this could be better extended. For example we should be passing in more user data as well as the referrer url as well as doing some validation beforehand to see if the user data matches what we expect to see from a normal computer user or if we're looking at a bot.

Needless to say, if you'd like help setting up your custom analytics solution you should feel free to contact us.

By the way, if you're curious what our stats look like. We noticed that we've got 50-70 hits per day that are just from non-javascript bots. This number is just high enough that I was wondering if it's worth doing something about it, but there's nothing I can think of at the moment that won't also annoy our legitimate traffic. That being said it looks like we're getting closer to the point where the internet is just bots and AIs talking to each other.