MedMatomoPro - Matomo Analytics tracking for PrestaShop

medmatomopro

Complete Matomo Analytics tracking for PrestaShop — ad-blocker-defeating server-side tracking, first-party proxy, 12 dashboard widgets and built-in GDPR compliance.


Data sheet

Version 2.0.0
Core modifications (override) No
Third party subscription: Yes
Translation : bg-da-de-el-es-et-fi-fr-hu-it-ja-nl-pl-pt-ro-sk-sv-uk
Compatible Prestashop 1.6 Yes
Compatible Prestashop 1.7 Yes
Compatible PrestaShop 8 Yes
Compatible PrestaShop 9 Yes
Compatible thirtybees 1.1 Yes
Compatible thirtybees 1.2 Yes
Compatible thirtybees 1.3 Yes
Compatible thirtybees 1.4 Yes
Compatible thirtybees 1.5 Yes
Compatible thirtybees 1.6 Oui
PhenixSuite compatible Yes
Responsive Design Yes
Multi Shop compatible: Yes
Service Url https://matomo.org/
Demonstrations https://demo-addons.eu/medmatomopro/landing/en/

99,99 € tax excl.

Secure payment methods

Visit and subscribe

Access

License

By buying this product, you will benefit from all the updates for 365 days.

Last Update

05/07/2026: Version 2.0.0

Compatibility

This modules is compatible with all PrestaShop 1.6.x version This modules is compatible with all PrestaShop 1.7.x version This modules is compatible with all PrestaShop 8.x version This modules is compatible with all PrestaShop 9.x version

thirtybees Compatibility

This modules is compatible with all thirtybees 1.1.x version This modules is compatible with all thirtybees 1.2.x version This modules is compatible with all thirtybees 1.3.x version This modules is compatible with all thirtybees 1.4.x version This modules is compatible with all thirtybees 1.5.x version This modules is compatible with all thirtybees 1.6.x version

PhenixSuite Compatibility

This modules is compatible with all PhenixSuite version

Translate in

bg da de el es et fi fr hu it ja nl pl pt ro sk sv uk

Proposed by

Mediacom87


More info

The problem

Google Analytics has become a black hole: 30 to 50% of traffic is lost to ad-blockers, Safari ITP filters cookies, GDPR demands a mandatory consent banner, and France's CNIL has actually ruled against its use. Your data lives on Google servers, gets sampled past a threshold, and is out of your control.

The result: your real revenue stops matching analytics reports, campaigns get optimized on bad data, and visitors face a cookie banner that hurts your conversion rate.

The solution

MedMatomoPro embeds self-hosted Matomo Analytics on your own server with three complementary tracking layers: standard JS script, first-party proxy that defeats ad-blockers, and server-to-server e-commerce conversion calls.

The result: 100% of raw data on your server, GDPR compliance built in (cookieless mode without a banner is possible), zero revenue loss to uBlock or Safari ITP, and a 12-widget dashboard available right inside your PrestaShop back-office.

How it works

1

Standard JS tracking

The official Matomo script is injected on every page: page views, e-commerce events, cart updates, search, forms. Up and running in minutes.

2

First-party proxy

matomo.js and matomo.php are served from your own domain. Hostname-based ad-blockers can no longer filter your tracking requests.

3

Server-side tracking

Order confirmations are sent server-to-server via cURL. Even when JavaScript is blocked or Safari ITP filters cookies, revenue is still attributed.

Detailed features

Native e-commerce tracking

  • Product and category views
  • Real-time cart updates
  • Order confirmations via Matomo's native API
  • Authentication, site search, checkout funnel
  • Heartbeat (real time-on-page) and JS errors

Server-side ad-blocker defeat

  • actionValidateOrder hook for conversions
  • Self-contained mini tracker (PHP 5.6+, cURL with fallback)
  • Zero revenue loss to ad-blockers
  • Built-in bot/crawler filter (Googlebot, Lighthouse, etc.)

First-party proxy

  • matomo.js and matomo.php proxied through your domain
  • Configurable proxy path slug
  • Defeats uBlock, AdBlock, Brave Shield and similar
  • X-Forwarded-For headers preserve the visitor IP

12 dashboard widgets

  • Traffic: visits, unique visitors, top pages, sources, KPIs
  • E-commerce: revenue, top products, top categories, conversion + AOV
  • Audience: devices, top countries, search keywords
  • Real-time: visitors in the last 30 minutes
  • Toggle each independently, 5-minute cache

Real-time counter on BO home

  • Live visitor count on the PrestaShop home page
  • 30-day visits chart with adaptive granularity (hour / day / month)
  • Synced with the native PS period selector (Day / Month / Year)
  • AJAX auto-refresh, configurable from 10 to 300 s

Privacy & GDPR

  • Self-hosted: no data sent to third parties
  • Native cookieless mode (no banner needed)
  • Browser Do Not Track honored
  • Built-in consent gating (CMP-compatible)
  • Front-office opt-out page + customer account link

Auto-mapped Custom Dimensions

  • Customer group, currency, language
  • Device type (mobile / tablet / desktop)
  • Multistore shop (ID + name)
  • Payment method, carrier

Core Web Vitals

  • Automatic reporting of LCP, INP, CLS, FCP, TTFB
  • Pushed as Matomo events
  • Async-loaded via the official web-vitals.js library

User ID + PII hashing

  • Cross-device identification of logged-in customers
  • SHA-256 email hashing for GDPR compliance
  • Optional raw-PII mode for advanced administrators

Built-in diagnostic

  • 9 server-side health checks (URL, ping, proxy, token, PHP extensions…)
  • Per-row AJAX re-run with visual feedback
  • Detection of super-user tokens (refused by Matomo 5+)
  • Token validation via API.getMatomoVersion (POST)

Multistore & Tag Manager

  • Per-shop Matomo URL and site ID (multistore-aware)
  • Matomo Tag Manager support as an alternative
  • Configurable MTM container URL
  • TM mode mutually exclusive with the direct tracker

Responsible security policy

This module follows the TouchWeb Charter for responsible cybersecurity. Acknowledgement within 7 days for any report, fix and CVE publication within 30 days, never any silent fixes. 29 Configuration entries stored natively (zero database tables added), 17 admin languages, 12 PrestaShop hooks registered. A comprehensive FAQ covers installation, GDPR, ad-blockers, performance, multistore and troubleshooting.

Installation

Download the module and install it from your back-office (Modules > Module Manager)

Fill in your Matomo URL, site ID and an auth token (a non super-user account with read access)

Toggle the options you want: server-side tracking, first-party proxy, back-office dashboard, cookieless mode, consent gating, Core Web Vitals

Open the Diagnostic tab to validate the configuration (9 checks) and you're done — visits show up in Matomo within 60 seconds

Changelog

2.0.0 - 05/05/2026

Major rewrite — overview
  • Full PrestaShop 1.6 → 9.x compatibility, PHP 5.6 → 8.4. ps_versions_compliancy extended to 9.99.99.
  • Configuration storage migrated from a single JSON blob (1.x) to 29 discrete Configuration entries, fully multistore-aware via Configuration::updateValue.
  • Six back-office tabs: Dashboard, Configuration, Information & support, Diagnostic, FAQ, Security Policy. The Information tab follows the medmathcaptcha identity-card pattern.
  • No additional database table — every option lives in the standard Configuration store, multistore-aware, removed at uninstall.
New tracking features
  • Server-side e-commerce tracking via the actionValidateOrder hook — recovers conversions otherwise lost to ad-blockers, JS-disabled browsers and Safari ITP. Self-contained mini tracker (PHP 5.6+ compatible, curl with file_get_contents fallback).
  • First-party proxy: optional front controllers serve matomo.js and matomo.php from your shop domain, defeating hostname-based ad-blockers.
  • Custom Dimensions auto-mapping (customer group, currency, language, device type, shop ID/name, payment method, carrier).
  • Matomo Tag Manager mode as an alternative to the direct tracker.
  • Core Web Vitals reporting (LCP, INP, CLS, FCP, TTFB) via the official web-vitals.js, asynchronous.
  • Bot/crawler filtering for server-side hits (Googlebot, AhrefsBot, Lighthouse, etc.).
  • Customer login/logout events via actionAuthentication and actionCustomerLogoutAfter hooks.
  • Site search tracking via actionSearch — feeds the Matomo Site Search report.
  • Server-side cart-save tracking via actionCartSave so abandoned carts are still attributed when JS is blocked.
  • Checkout funnel tracking: each PrestaShop 1.7+ checkout step (Authentication / Addresses / Delivery / Payment) reported as a Matomo event.
  • JS feature toggles: enableJSErrorTracking and enableHeartBeatTimer (configurable delay 5–300 seconds).
  • setUserId support for logged-in customers, with optional SHA-256 hashing for stronger GDPR posture.
Embedded back-office dashboard
  • New Dashboard tab with 12 opt-in widgets (visits, unique visitors, top pages, traffic sources, engagement KPIs, revenue, top products, top categories, conversion + AOV + orders, devices, top countries, site search keywords, real-time visitors). Each widget is independently toggleable in the Configuration tab.
  • Server-side data fetching via the Matomo Reporting API (POST), rendered with Chart.js v4 (vendored locally as a UMD bundle, ~200 KB). No iframe, no cross-origin issue, no token in URL — works behind ad-blockers.
  • Smart caching: 5-minute cache on regular widgets, 30-second cache on the live counter — keeps the BO snappy without hammering Matomo.
  • Real-time visitors widget: AJAX auto-refresh every N seconds (configurable 10–300, default 30) with a countdown indicator and a manual Refresh button (icon-only, in the panel header).
  • Back-office home widgets: optional live visitor counters (dashboardZoneOne) and 30-day visits chart (dashboardZoneTwo), rendered server-side, with a Refresh button each. Visible on every BO login without opening the module.
  • Dashboard tab is hidden when the embedded dashboard is disabled, so the UI never shows an unusable area.
Privacy & GDPR
  • Optional cookieless mode (disableCookies).
  • Explicit consent gate with a window.MedMatomoConsent() bridge for any CMP (klaro, didomi, cookiebot, custom banners).
  • Native Do Not Track honoring.
  • Visitor opt-out front controller (/module/medmatomopro/optout) wrapping the native Matomo CoreAdminHome opt-out widget. Cross-version template (PS 1.6 + 1.7 + 8 + 9).
  • Customer-account opt-out shortcut: a Manage analytics tracking link rendered on the customer account page (displayCustomerAccount and displayMyAccountBlock hooks).
Diagnostic & troubleshooting
  • Health-check tab with 9 server-side checks (URL, site ID, reachability, ping, server-side prerequisites, proxy, matomo.js content-type, auth token, PHP extensions).
  • Sequential AJAX re-run: clicking "Re-run all checks" refreshes each row one by one with per-row visual feedback (spinner + soft yellow background during, green flash after), no full page reload.
  • Auth token validation detects super-user tokens (Matomo blocks them for widget embedding) and brute-force lockouts, with explicit remediation steps.
  • Comprehensive FAQ tab covering setup, GDPR, ad-blockers, performance, multistore and troubleshooting.
Security
  • Removed the 1.x unprotected debug front controller (hardcoded MD5 password backdoor exposing module configuration).
  • Module enrolled under the TouchWeb responsible cybersecurity charter (FR/EN), with CVE publication policy. See the Security Policy tab.
  • Module root .htaccess switched to a deny-all + extension allowlist pattern, hardened against direct access to PHP files outside whitelisted entry points.
PrestaShop 9 compatibility
  • Replaced the removed _PS_PRICE_COMPUTE_PRECISION_ constant with a version-agnostic helper (PS 1.6 → 9).
  • Reporting API token sent via POST (Matomo 5+ requirement).
  • vendor/css/ps9.css conditionally loaded on PrestaShop 9 to fix tab link styling.
  • Added the config.xml manifest for fast back-office discovery.
PrestaShop 1.6 compatibility
  • Cross-version optout template: PS 1.7+ extends page.tpl from the Classic theme; PS 1.6 falls back to a plain HTML wrapper. The setTemplate call resolves the right path for each version.
  • getCheckoutProcess (PS 1.7+) is invoked through method_exists(), so the checkout funnel feature degrades silently on PS 1.6 instead of failing.
  • Hooks displayBeforeBodyClosingTag and actionCustomerLogoutAfter (PS 1.7+) registered without breaking 1.6 — the related features (Core Web Vitals, logout event) just stay inactive.
Bug fixes (over 1.x)
  • Cart.js currency-stripping regex was matching the literal string "€,$,£" instead of the individual symbols, breaking parseFloat for non-dot decimal separators.
  • Hook now registered as canonical "displayHeader" instead of "displayheader"; the legacy hookHeader alias was removed.
  • Removed dead SKU assignment in the product hook.
Bug fixes during the 2.0.0 stabilization
  • Live AJAX URL was built with HTML-encoded ampersands (&), which broke the PrestaShop admin token parameter when consumed by the JS — the endpoint was rejected with a security error. Fixed by html_entity_decode before json_encode.
  • Diagnostic AJAX inline script and stylesheet originally lived inside the PrestUI tab, but Riot.js scans children for curly-brace expressions and choked on JS function blocks and CSS rules. Moved JS and CSS to external files (medmatomopro-diag-VERSION.js, medmatomopro-VERSION.css) and pass config via discrete data-* attributes (no JSON object literals in attribute values).
  • Tooltips on the dashboard widget header and BO home reload buttons were not showing — switched to Bootstrap tooltips with data-toggle="tooltip" and explicit init via jQuery.
  • Iframe-based dashboard mode removed entirely (failed for super-user tokens, brute-force lockouts and DOMException on PS9). Replaced by server-side data fetching with Chart.js v4.
  • Custom dateFormat Smarty plugin removed — PrestaShop ships one natively in config/smarty.config.inc.php; the redefinition raised "Plugin tag dateFormat already registered".
Refactor & cleanup
  • New helper classes: MedMatomoProServerTracker, MedMatomoProDiagnostic, MedMatomoProConsent, MedMatomoProDimensions, MedMatomoProReports.
  • JS and CSS files versioned in their filename (medmatomopro-VERSION.js/css) for proper cache busting on upgrades.
  • Renamed the third-party libraries directory from libraries/ to vendor/ to align with PHP/Composer conventions.
  • Tab templates moved into views/templates/admin/tabs/ for clearer file layout.
  • Replaced the inline medDisplayDate calls with the native PrestaShop dateFormat Smarty plugin; MedMatomoProClass is now a pure static helper.
  • Translations rebuilt from scratch — 333+ entries in fr.php sourced directly from the templates and PHP, no orphans, no English left over.
  • Dead-code purge: removed orphan MedMatomoProConsent::policyText / host helpers, MedMatomoProDimensions::SOURCES catalog, and three unused Smarty assigns (ps_version, widget_catalog, live_ajax_url) — about 50 lines of unreferenced code.
  • Removed dead 1.x code: medGetLanguageCode, medJsonFeedFile, medJsonModuleFile, thirty-bees branching, redundant inherited public properties, addons/prestatoolbox image assets.
Upgrade
  • upgrade-2.0.0.php migrates the legacy single-JSON Configuration entry to the 29 discrete keys, registers the 12 hooks, drops obsolete cache keys (MED_FEED_*, MED_JSON_*) and removes obsolete files and folders (cart.js, back.css, libraries/, controllers/debug.php) using Tools::deleteDirectory.

1.0.0 - 08/17/2023

  • Version initiale

Interested in product

Tell us your interest in this product and we will contact you for more details.

[0/]
Visit and sales tracking with Matomo
MedMatomoPro - Matomo Analytics tracking for PrestaShop

Reviews