We highly recommend that all Matomo administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.
Performed checks include for instance usage of the latest PHP version, usage of the latest Matomo version, usage of PHP ini settings like magic_quotes_gpc and more.