Moodle Security checks

Re: Moodle Security checks

by Michael Hawkins -
Number of replies: 0
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Testers
Hi Shad,

It is generally good practice to only allow users access to the files/pages that they need (or should have) access to. For the files in your screenshot specifically, there may not be any super confidential information leaked in there, but one reason to disable access to them is that some of those files make it easier to fingerprint which version of Moodle your site is running. if at some stage that happens to be a version that is not current and/or has known vulnerabilities (such as any published after being patched in newer versions), then an implication is that it is trivial to identify which of those affects (and could potentially be abused on) your site.

Average of ratings: Useful (1)