Security is a big area where things often don't mean what they seem to mean and the best solutions are dull calls to administrative routine.
What are you trying to secure against? As a broad generalisation the two biggest security threats on any server system are the staff and the OS/Web Server stack. So for the example of Moodle assuming you are running the popular Linux Apache MySQL PHP stack (LAMP), they are a source of vulnerabilities. PHP runs about 80% of all web sites so there are huge numbers of people trying to break it and vastly fewer trying to break Moodle. So to ensure that is as secure as possible you need to ensure you read security updates/patch information and that your system is up to date.
Note that generally the biggest threats to the systems run by educational organisations walks in through the door each morning.