Thank you for this advice on how to make a moodle installation more secure.
By the way might it be a good idea to also include
php_flag allow_url_fopen 0
in the htaccess file?
Perhaps there are other things that one could include in a standard-improve-security .htaccess file? It might even be included in the installation by default. I seem to remember that there was a generic recommended, ready-to-use htaccess file included with Moodle once. Is it still there somewhere?
Security and privacy
Hacking and security
This discussion has been locked so you can no longer reply to it.