Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle
Forum moderator: Dan Poltawski

Before starting a new discussion topic, please check the Security FAQ and try a forum search.

DO NOT REPORT NEW VULNERABILITIES HERE!

New security issues should be reported in the Moodle Tracker with an appropriate security level.


Page: 1 2 3 4 5 6 7 8 9 10 11 12 ()
DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance Martin DougiamasMartin Dougiamas 29 Matteo Scaramuccia
Wed, 25 Oct 2017, 3:16 PM
unclear CSS - attack Picture of Bjarne OldsenBjarne Oldsen 4 Ralf Hilgenstock
Sat, 25 Nov 2017, 7:02 PM
Falling out of supported releases? wen photoWen Hao Chuang 1 Mathew Gancarz
Wed, 22 Nov 2017, 11:31 PM
HTTP to HTTPS but on Windows environment Picture of J GuzmanJ Guzman 0 J Guzman
Wed, 22 Nov 2017, 6:07 AM
Help with redirect from HTTP to HTTPS Picture of Carolyn McIntyreCarolyn McIntyre 15 J Guzman
Wed, 22 Nov 2017, 5:55 AM
Privacy concerns using the Google Document Converter (annotate a pdf) Picture of Eva EEva E 2 Ray Lawrence
Tue, 21 Nov 2017, 9:56 PM
Reverse Proxy redirecting Picture of Helson CHelson C 0 Helson C
Tue, 21 Nov 2017, 3:58 AM
Moodle 3.4 improvements related to data protection/GDPR Picture of Joe CapeJoe Cape 0 Joe Cape
Fri, 17 Nov 2017, 10:25 PM
Server CPU performance overhead Picture of Shamal SabahShamal Sabah 4 Dan Bennett
Wed, 15 Nov 2017, 12:38 AM
Guide to ssl certificate https linux ubuntu apache Picture of Christian KristiansenChristian Kristiansen 11 Jyoti Ray
Fri, 10 Nov 2017, 2:00 PM
Is the unoconv installation a security risk? Picture of Matthew DavidsonMatthew Davidson 27 Meg Goodine
Fri, 10 Nov 2017, 4:46 AM
How to prevent multiple login with same ID with moodle 3 Picture of Vivian BogniniVivian Bognini 0 Vivian Bognini
Tue, 7 Nov 2017, 11:34 PM
Assigning permissions to modify themes Picture of marisol castromarisol castro 1 Ken Task
Thu, 2 Nov 2017, 4:07 AM
About the OAuth 2 services Picture of 方圆 蔡方圆 蔡 0 方圆 蔡
Tue, 31 Oct 2017, 2:14 PM
Maximum uploaded file size Picture of mozhgan shafieimozhgan shafiei 0 mozhgan shafiei
Tue, 31 Oct 2017, 1:31 PM
Trusted content permission does not work for Teacher role, XSS vulnerable? Picture of Paul LPaul L 0 Paul L
Wed, 25 Oct 2017, 9:36 PM
PHP.URI.Code.Injection Firewall Message Picture of Ali ArekatAli Arekat 1 Tomasz Muras
Tue, 24 Oct 2017, 3:19 PM
Model for managing institution groups Picture of David HumphreysDavid Humphreys 0 David Humphreys
Tue, 24 Oct 2017, 6:41 AM
Guest Access to Calendar Picture of Emma RichardsonEmma Richardson 1 Dean Montgomery
Sat, 14 Oct 2017, 1:30 AM
Why Does Moodle Have a Plugin Installer If It Is Considered Unsafe? Picture of Uwe StangeUwe Stange 0 Uwe Stange
Mon, 9 Oct 2017, 5:31 PM
Tab redirected Picture of bruce millsbruce mills 1 bruce mills
Thu, 5 Oct 2017, 9:36 AM
SSL and Moodle on a Subdomain Picture of David DinhDavid Dinh 5 David Dinh
Tue, 3 Oct 2017, 11:18 AM
SSL setup issues on Moodle 3.2.3 Picture of Yogesh NaharYogesh Nahar 3 David Dinh
Tue, 3 Oct 2017, 6:46 AM
Resetting forgot password without email Picture of Sanni RinneSanni Rinne 4 Sanni Rinne
Mon, 2 Oct 2017, 1:42 PM
JS Injection Picture of Claudio HenriqueClaudio Henrique 1 David Mudrák
Fri, 29 Sep 2017, 4:17 PM
Restrict access by enrolment method Dominique BauerDominique Bauer 5 Randy Thornton
Fri, 29 Sep 2017, 7:11 AM
SAML auth with users pulled via LDAP Picture of Joel CoehoornJoel Coehoorn 1 Keiron Walsh
Fri, 22 Sep 2017, 6:15 PM
security issue with the syslog for moodle Picture of Mahmood NaderanMahmood Naderan 3 Mahmood Naderan
Thu, 14 Sep 2017, 2:07 PM
Warning: Executable paths can be set in the Admin GUI. Picture of Jaifar Al ShizawiJaifar Al Shizawi 4 Jaifar Al Shizawi
Tue, 12 Sep 2017, 1:31 PM
Discussing sensitive content in moodle Picture of James BrownJames Brown 1 Mathew Gancarz
Mon, 11 Sep 2017, 10:29 PM
Restrictions Picture of Munna jkMunna jk 0 Munna jk
Sat, 9 Sep 2017, 2:55 PM
Performance info only for admins? Picture of Christos SavvaChristos Savva 3 Christos Savva
Fri, 8 Sep 2017, 3:35 PM
How to change admin password OpheliaMark Miller 1 Emma Richardson
Tue, 5 Sep 2017, 6:50 PM
NET::ERR_CERT_AUTHORITY_INVALID 3.2.2 Picture of David RobertsonDavid Robertson 9 Amit Shingala
Tue, 5 Sep 2017, 3:00 PM
reset admin password? Picture of Rachel HorstRachel Horst 4 Adam Jenkins
Fri, 1 Sep 2017, 3:34 PM
Security issue - authentification Picture of Marta MikMarta Mik 1 Adam Jenkins
Fri, 1 Sep 2017, 3:16 PM
uses moodle username and password for login on main site Picture of Muhammad AbdulhakeemMuhammad Abdulhakeem 1 Adam Jenkins
Fri, 1 Sep 2017, 3:10 PM
how to set different views for a database activity for different users or groups Picture of Luca TomsiLuca Tomsi 8 AL Rachels
Sun, 20 Aug 2017, 6:33 AM
restrict guest access for courses in a specific category Picture of stefan weberstefan weber 2 stefan weber
Fri, 11 Aug 2017, 3:30 PM
Security Moodle Picture of Rondi AriyantoRondi Ariyanto 13 Rondi Ariyanto
Mon, 7 Aug 2017, 7:49 PM
Hide "Inactive for more than" and "User list" from students Picture of Christos SavvaChristos Savva 3 Emma Richardson
Tue, 1 Aug 2017, 12:23 AM
with loginhttps the cookiesecure security check fails Picture of M. SchneiderM. Schneider 4 M. Schneider
Mon, 31 Jul 2017, 9:26 PM
Is password policy change "retroactive"? Picture of Jacques LeCavalierJacques LeCavalier 3 Emma Richardson
Fri, 28 Jul 2017, 8:36 PM
ycfkurl reported TijgertimTimothy Bolton 1 John Okely
Fri, 28 Jul 2017, 8:08 AM
IP address being blocked by the server Picture of Rick Enderle, Jr.Rick Enderle, Jr. 1 Just H
Tue, 25 Jul 2017, 9:48 AM
SSL Cert on Content switch Picture of S ParkerS Parker 2 James McLean
Tue, 25 Jul 2017, 8:00 AM
Security settings Picture of Ali ShettimaAli Shettima 1 John Okely
Fri, 21 Jul 2017, 10:42 AM
Code security certification Picture of Anand RajendranAnand Rajendran 2 Marcus Green
Fri, 21 Jul 2017, 5:22 AM
Can't enable web services for authentication Picture of Brad SmithBrad Smith 3 Dave Perry
Thu, 20 Jul 2017, 5:09 PM
SQL-Injection Picture of Fabienne NeveuFabienne Neveu 8 kim Rechter
Wed, 19 Jul 2017, 8:59 PM
Default Password policies: Self enrolment vs group enrolment Picture of Mark ChaneyMark Chaney 3 Mark Chaney
Mon, 10 Jul 2017, 9:57 PM
How do I remove "Forgotten your username or password?" in moodle 3.2 Picture of Obuntu CracksObuntu Cracks 3 Ambreen Kiran
Fri, 7 Jul 2017, 6:10 PM
Moving to HTTPS everywhere Picture of Michael AherneMichael Aherne 6 Susan Mangan
Fri, 7 Jul 2017, 7:48 AM
is it possible that category administrator can upload new user and course Picture of rajani guptarajani gupta 2 Ambrish Tiwari
Tue, 4 Jul 2017, 5:53 PM
Antivirus Picture of Ripa DesaiRipa Desai 2 Rahul Rai
Mon, 3 Jul 2017, 8:51 PM
GeoLite Database Picture of Doug MoodyDoug Moody 1 Ken Task
Wed, 21 Jun 2017, 10:26 PM
settings for multiple manager(admin) for each organization Picture of Anand VadiveluAnand Vadivelu 1 gurpreet singh
Tue, 20 Jun 2017, 11:34 PM
Moodle SSL Offloading Picture of Daniel AlvesDaniel Alves 5 Daniel Alves
Tue, 13 Jun 2017, 2:01 AM
create an option to prevent xss injection ? Picture of Julien BoulenJulien Boulen 1 Marina Glancy
Tue, 6 Jun 2017, 10:26 AM
Security for SCORM files Picture of Peter AhernePeter Aherne 2 Mathew Gancarz
Wed, 31 May 2017, 9:55 PM
Security Issue in Moodle 3.2.2: Can you tell me what happened with my content as a Administrator and teacher of a course? Picture of Ricardo RodriguezRicardo Rodriguez 1 Emma Richardson
Wed, 17 May 2017, 11:26 AM
Daniel Esterly - Is Moodle secure to use with Windows 10 Picture of Daniel EsterlyDaniel Esterly 1 John Okely
Mon, 15 May 2017, 8:39 AM
settings required to do for running diff ministry sites on single moodle installation Picture of rajani guptarajani gupta 1 Emma Richardson
Wed, 10 May 2017, 7:53 PM
Access to lesson activities Picture of Joe ChachaJoe Chacha 0 Joe Chacha
Sat, 6 May 2017, 1:00 AM
Manager role with system role - only view site page forum, search for users too Picture of Usman ArshadUsman Arshad 2 Usman Arshad
Thu, 27 Apr 2017, 10:30 PM
How to display home page for non-login user ? Picture of Imran PatelImran Patel 2 Jon Bolton
Mon, 17 Apr 2017, 8:31 PM
Reviewing messages table for bullying incidents Picture of DR LMSDR LMS 1 Mike Hoddee
Tue, 11 Apr 2017, 5:26 PM
security issue Picture of Anderson HsuAnderson Hsu 4 Mike Hoddee
Tue, 11 Apr 2017, 5:23 PM
Site policy > empty frame Picture of Daniel SDaniel S 4 Ken Task
Mon, 10 Apr 2017, 9:04 PM
Plugins security and privacy Picture of Thomas BarnaThomas Barna 2 Jon Bolton
Fri, 31 Mar 2017, 8:36 PM
Recaptcha Picture of Miyone GMiyone G 3 Randy Thornton
Tue, 28 Mar 2017, 2:08 AM
Applying patch to protect against CVE-2017-2641 Picture of B JB J 18 Nadav Kavalerchik
Sat, 25 Mar 2017, 7:38 AM
3.1.4 - new security Announcement: MDL-57597 and MDL-57596 competency Picture of Monica FranzMonica Franz 7 Monica Franz
Fri, 24 Mar 2017, 7:01 PM
What are the best practices to determine if site was affected by security vulnerability Picture of Rex LorenzoRex Lorenzo 1 Randy Thornton
Fri, 24 Mar 2017, 1:48 AM
Folder Password in Moodle Picture of Yonten JamtshoYonten Jamtsho 1 Mary Cooch
Fri, 17 Mar 2017, 3:46 PM
Moodle not caching/Storing LDAP username and passwords Picture of RSA NOCRSA NOC 7 RSA NOC
Wed, 15 Mar 2017, 2:49 AM
Moodle acting as OAuth2 server Picture of Hille HilleHille Hille 0 Hille Hille
Thu, 2 Mar 2017, 1:26 AM
Restrict Access to Categories By User Picture of William WorkmanWilliam Workman 5 John Provasnik
Tue, 28 Feb 2017, 10:42 AM
Cloudflare Security Issue Picture of Matt SpurrierMatt Spurrier 1 Randy Thornton
Tue, 28 Feb 2017, 9:47 AM
How to restrict users who are not using office's computer? Picture of Fung TonyFung Tony 3 Jon Bolton
Thu, 23 Feb 2017, 8:32 PM
Avoiding LDAP data in plain text when you check the source code from a browser Picture of Robespierre GalindoRobespierre Galindo 3 Randy Thornton
Thu, 16 Feb 2017, 6:50 AM
task: download all submissions is possible even when you only are allowed to assess one Picture of Jeus PerezJeus Perez 2 Dave Perry
Mon, 13 Feb 2017, 7:13 PM
Redis Sessions Picture of John RickardJohn Rickard 0 John Rickard
Fri, 10 Feb 2017, 1:30 AM
Move to secure protocol (https) issues Picture of Wes MatchettWes Matchett 8 Ken Task
Wed, 8 Feb 2017, 8:38 AM
Use Self-Signed Certificate Picture of mimi nommimi nom 5 mimi nom
Tue, 7 Feb 2017, 10:44 PM
Can't change a password for the student Picture of Jesse TechnoJesse Techno 2 Jesse Techno
Fri, 3 Feb 2017, 2:49 AM
PHPMailer vulnerability in no-reply address Picture of mimi nommimi nom 4 mimi nom
Tue, 31 Jan 2017, 4:10 PM
loginhttps true = too many redirects? Picture of Christos SavvaChristos Savva 8 Christos Savva
Fri, 20 Jan 2017, 5:16 PM
ClamAV Picture of Pieter PortierPieter Portier 0 Pieter Portier
Wed, 18 Jan 2017, 10:37 PM
[Security] How to protect source code and database from hosting company Picture of Huy LamHuy Lam 7 Dave Perry
Mon, 16 Jan 2017, 7:01 PM
"Guest user has logged in" ? Picture of g kg k 2 Ken Task
Mon, 9 Jan 2017, 12:12 AM
[Security] Moodle showed all users to Sub Category Manager Picture of Huy LamHuy Lam 1 Emma Richardson
Sat, 7 Jan 2017, 3:27 AM
Moodle 3.1.3: Website Adminstration Security Overview Picture of Monica FranzMonica Franz 2 John Okely
Fri, 6 Jan 2017, 9:36 AM
Fun times with Poisoned Cookies! Picture of Robin StarkRobin Stark 1 Randy Thornton
Fri, 23 Dec 2016, 5:20 AM
Limit number of ip adresses per user Picture of marwa bekrarmarwa bekrar 4 Robin Stark
Thu, 22 Dec 2016, 7:00 AM
SSL Proxy woes Picture of Ben SteeplesBen Steeples 20 Robin Stark
Thu, 22 Dec 2016, 6:55 AM
Permissions Issues Picture of Aretha EtienneAretha Etienne 4 Randy Thornton
Thu, 22 Dec 2016, 1:46 AM
Gravatar Advisory: How to Protect Your Email Address and Identity Picture of Nadav KavalerchikNadav Kavalerchik 0 Nadav Kavalerchik
Fri, 9 Dec 2016, 4:14 AM
Caching Picture of Aretha EtienneAretha Etienne 0 Aretha Etienne
Wed, 7 Dec 2016, 4:23 AM
How secure is using admin/tool/uploaduser/index.php Picture of callum Woodcallum Wood 3 Matt Bury
Tue, 6 Dec 2016, 1:12 AM
Page: 1 2 3 4 5 6 7 8 9 10 11 12 ()