Security overview report is in my opinion the best new feature ever added to moodle. Most previous installs have warned administators about some wrong settings but warning is obviously not the best way to prevent sites being hacked. Liberate security politics has allowed people to choose if they want to take a risk and install moodledata web accessible (inside web root) and we can find far too many of those old sites that could be hacked any day.
It's the same for settings of php and permissions. Moodle can't control other installed programs and all settings of php but the good point in new Security overview report is that for the first time in history we get a clear report of possible security risks and info about correcting those settings.
http://docs.moodle.org/en/Security_overview
Security and privacy
Spam hidden in front page div
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.