Plausible uses a web app + ClickHouse/PostgreSQL stack. Security posture depends on dashboard authentication, secret management, and database/network isolation.
¶ 1) Protect app secrets and admin auth
- Set a strong, random SECRET_KEY_BASE and protect env files.
- Enforce strong admin passwords and 2FA where available.
- Disable public registration for private deployments.
- Rotate SMTP/API credentials regularly.
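The following is an added example, not code from the Plausible project: a small POSIX shell audit for the three settings-related items above (secret strength, disabled registration, env file permissions). It assumes the env file layout shown in the verification commands on this page (/opt/plausible/.env with KEY=VALUE lines); the function names, the 64-character threshold and the two sample files are constructed for illustration.

```shell
# Added example (not Plausible's own code): audit a Plausible .env file.
# /opt/plausible/.env is the path used on this page; the function names and
# the constructed sample files below are illustrative.

# Print the value of KEY from FILE (last definition wins, quotes stripped).
env_get() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'"'"
}

# SECRET_KEY_BASE must be long random data. `openssl rand -base64 64` yields
# 88 characters; anything shorter than 64 is treated as weak here (assumed threshold).
check_secret_key_base() {
    val=$(env_get "$1" SECRET_KEY_BASE)
    [ -n "$val" ] && [ "${#val}" -ge 64 ]
}

# Private deployments disable public sign-up: Plausible accepts
# DISABLE_REGISTRATION=true or invite_only; false (the default) fails the check.
check_registration_disabled() {
    val=$(env_get "$1" DISABLE_REGISTRATION)
    [ "$val" = "true" ] || [ "$val" = "invite_only" ]
}

# The env file holds secrets, so it must be readable by its owner only.
check_env_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Run every check, print one line per result, return the number of failures.
audit_env_file() {
    fails=0
    for check in check_secret_key_base check_registration_disabled check_env_perms; do
        if "$check" "$1"; then
            echo "ok   $check"
        else
            echo "FAIL $check"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Generate a suitable SECRET_KEY_BASE: 48 random bytes -> 64 base64 characters.
gen_secret_key_base() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Constructed sample files so the audit can be exercised offline:
# "weak" mirrors common mistakes, "hardened" what section 1 asks for.
# The file is created under umask 077 so secrets are never world-readable, even briefly.
make_sample_env() {
    # $1 = output path, $2 = weak | hardened
    if [ "$2" = "weak" ]; then
        printf 'BASE_URL=https://plausible.example.com\nSECRET_KEY_BASE=changeme\nDISABLE_REGISTRATION=false\n' > "$1"
        chmod 644 "$1"
    else
        ( umask 077; printf 'BASE_URL=https://plausible.example.com\nSECRET_KEY_BASE=%s\nDISABLE_REGISTRATION=true\n' "$(gen_secret_key_base)" > "$1" )
    fi
}

# Usage on a host: sh audit_env.sh /opt/plausible/.env
if [ "$#" -gt 0 ]; then
    audit_env_file "$1"
fi
```

The exit status of audit_env_file is the failure count, so it can gate a deployment step directly; gen_secret_key_base is the rotation helper for the first bullet.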
¶ 2) Isolate database services
- Keep ClickHouse/PostgreSQL private (no public bind).
- Require auth for DB services and rotate credentials.
- Restrict inter-container network paths to required services only.
- Encrypt backups for analytics datasets.
¶ 3) Harden tracker and dashboard exposure
- Enforce HTTPS for script and dashboard endpoints.
- Apply CSP and rate limiting at the reverse proxy.
- Restrict shared dashboard/public-link features by policy.
- Audit site access and API token usage.
¶ Verification commands
grep -E 'SECRET_KEY_BASE|BASE_URL|DISABLE_REGISTRATION|CLICKHOUSE_DATABASE_URL' /opt/plausible/.env
sudo ss -tulpn | grep -E ':8000|:443|:5432|:8123|:9000'
docker compose -f /opt/plausible/docker-compose.yml ps
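Added example, not from the Plausible project: a check that turns the `ss -tulpn` verification command above into a pass/fail result for the "no public bind" item in section 2. It flags any listener on the stack's default database ports (5432 for PostgreSQL, 8123 and 9000 for ClickHouse) whose local address is not loopback. The `ss` output below is constructed, not captured from a real host, and the function names are illustrative.

```shell
# Added example (not Plausible's own code): flag ClickHouse/PostgreSQL listeners
# that are reachable beyond loopback, reading `ss -tulpn` output from stdin.

# Constructed sample of `sudo ss -tulpn` output. 5432 is correctly bound to
# loopback; 8123 and 9000 are published on all interfaces (the misconfiguration
# section 2 warns about); 443 and 8000 are the intended proxy/app ports.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("docker-proxy",pid=1201,fd=4))
tcp   LISTEN 0      4096   0.0.0.0:8123        0.0.0.0:*         users:(("docker-proxy",pid=1302,fd=4))
tcp   LISTEN 0      4096   *:9000              *:*               users:(("docker-proxy",pid=1303,fd=4))
tcp   LISTEN 0      4096   [::]:443            [::]:*            users:(("caddy",pid=1404,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:8000      0.0.0.0:*         users:(("docker-proxy",pid=1505,fd=4))
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=601,fd=13))'

# Print "<port> <address> <process>" for every database port that is LISTENing
# on a non-loopback address; prints nothing when the databases are private.
exposed_db_listeners() {
    awk -v ports="5432 8123 9000" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $2 == "LISTEN" {
            # Local Address:Port is field 5; the port follows the last colon
            n = split($5, a, ":")
            port = a[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            printf "%s %s %s\n", port, addr, $7
        }'
}

# Returns 0 when no database port is exposed, 1 otherwise (input on stdin).
db_ports_private() {
    [ -z "$(exposed_db_listeners)" ]
}

# Usage on a host: sudo ss -tulpn | sh -c '. ./check_listeners.sh; db_ports_private' && echo private
# Demo against the constructed sample:
printf '%s\n' "$SAMPLE_SS" | exposed_db_listeners
```

Run against the sample, the function reports 8123 and 9000 and stays silent about 5432; on a real host, anything it prints is a service that should be bound to 127.0.0.1 or moved off a published port entirely.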
¶ References
- Plausible self-hosting docs: https://plausible.io/docs/self-hosting
- Plausible source and advisories: https://github.com/plausible/analytics/security
- Plausible repo: https://github.com/plausible/analytics