We have recently installed Moodle. However, when doing security checks on the site, the following errors show up (attached). What are the implications of having those files/directories stated public? Appreciate your help with this.
Hi Shad,
It is generally good practice to only allow users access to the files/pages that they need (or should have) access to. For the files in your screenshot specifically, there may not be any super confidential information leaked in there, but one reason to disable access to them is that some of those files make it easier to fingerprint which version of Moodle your site is running. if at some stage that happens to be a version that is not current and/or has known vulnerabilities (such as any published after being patched in newer versions), then an implication is that it is trivial to identify which of those affects (and could potentially be abused on) your site.
It is generally good practice to only allow users access to the files/pages that they need (or should have) access to. For the files in your screenshot specifically, there may not be any super confidential information leaked in there, but one reason to disable access to them is that some of those files make it easier to fingerprint which version of Moodle your site is running. if at some stage that happens to be a version that is not current and/or has known vulnerabilities (such as any published after being patched in newer versions), then an implication is that it is trivial to identify which of those affects (and could potentially be abused on) your site.