Moodle Tip - Keeping Moodle Safe
Problem: One of the Moodles set up isn’t really for facilitating online learning, but rather, facilitating dialogue with the community. As such, since that Moodle will be “out there” for the world in a way that makes it vulnerable, desirable to attack (it’s a Moodle for the Communications Office) as a result of its function, it’s important to protect it again spam and take-over. How can I secure it to prevent spam?
Solution:
Here are the steps I’m taking to ensure that this Moodle is protected from attack. Obviously, it goes without saying that if I need to do more, please let me know. I hope that this list of what I’m doing is helpful.
-
Keep Moodle Installation Up to Date: Since it’s so easy to update Moodle, I make sure to keep our Moodles running at the latest version. Once you’ve updated Moodle several times, you’ll realize how easy it is…for practice and fun, I set up several older Moodle and then upgraded them to the latest version. The upgrades went flawlessly. Once I felt comfortable with the process, I started working on our real Moodles. No problems.
-
Turn off Email Authentication unless you have to have it. Unfortunately, in this particular case, I have to have it on. As a result, I also have to make sure that the admin setting forceloginforprofiles is enabled, not allowing anyone to see and link to user profiles.
-
Run the Security Report in Moodle (Reports->Security Overview)
-
Run the Spam-Cleaning Tool (available here) periodically on sites with email authentication enabled.
-
Enable ReCaptcha
-
Keep up to date on Moodle Security - Join this group
-
Make sure your Moodle files are not writeable. I notice this when enabling Read/Write access for some folders and files. Too bad there isn’t a guide as to what should be writeable and what should just be read only. Wait, it appears the Security Reports helps out in regards to this.
Some additional security pages to read at Moodle:
- Security at Moodle
- Security Overview at Moodle.org
Finally, check out the Moodle Tip Roundup, Moodle Habitudes, and Moodle Mambo!
References
- Prevent Profile Spam, Martin D.
var addthis_pub=“mguhlin”;

Subscribe to Around the Corner-MGuhlin.org
Be sure to visit the ShareMore! Wiki.
Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure