Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle
Forum moderator: Marina Glancy

Before starting a new discussion topic, please check the Security FAQ and try a forum search.

DO NOT REPORT NEW VULNERABILITIES HERE!

New security issues should be reported in the Moodle Tracker with an appropriate security level.


Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()
DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance 96 Visvanath Ratnaweera
Wed, 9 May 2018, 1:08 AM
Backup of user data 3 Mary Cooch
Fri, 17 Aug 2018, 9:30 PM
Backup policy 7 Ken Task
Fri, 17 Aug 2018, 9:08 PM
How long should HTTPS conversion run? 0 Content Ed
Wed, 15 Aug 2018, 8:07 PM
XSS Trusted Users list longer than it should be given our settings 0 Janet Osborne
Sat, 11 Aug 2018, 7:39 AM
GDPR / data registry / data deletion plugins - questions, discussion and experiences 1 Howard Miller
Tue, 7 Aug 2018, 8:28 PM
Access Reserved to Moodle Maintenance Mode 1 Mary Cooch
Tue, 7 Aug 2018, 6:50 PM
Found Code injection in moodle instance 0 Prasanna H
Tue, 7 Aug 2018, 1:15 PM
Force HTTPS 1 Moodle Admin
Sun, 5 Aug 2018, 7:32 PM
problem in securing the login page 2 Moodle Admin
Sun, 5 Aug 2018, 7:24 PM
Deleting old users 1 Moodle Admin
Sun, 5 Aug 2018, 7:21 PM
using ClamAV to scan for malicious macros in office files 1 Moodle Admin
Sun, 5 Aug 2018, 6:56 PM
SQL injection via Scorm package 7 Matteo Scaramuccia
Wed, 1 Aug 2018, 6:13 PM
Folder and file permissions for Moodledata and Moodle 8 Matteo Scaramuccia
Tue, 31 Jul 2018, 10:17 PM
How to disable 3.5.1 cookie policy popup? 1 Randy Thornton
Wed, 25 Jul 2018, 3:56 AM
GDPR Plugins - some questions 32 Jun Pataleta
Thu, 19 Jul 2018, 9:24 AM
Cookie Consent and Privacy Notice Popup 4 Casero Patrizia
Thu, 19 Jul 2018, 3:15 AM
Recommendations for the permissions on the server 1 Visvanath Ratnaweera
Tue, 17 Jul 2018, 12:27 PM
Last login information on user profile 1 Ray Lawrence
Tue, 10 Jul 2018, 3:40 PM
Bugs: Code Injection in Moodle? 1 Tim Hunt
Tue, 10 Jul 2018, 2:07 AM
Critical Security Warning - Guest role 2 Emma Richardson
Mon, 9 Jul 2018, 8:04 PM
Students contact details hiden from each other 1 Emma Richardson
Mon, 9 Jul 2018, 7:59 PM
Verifying identity of students 3 altan ahmet
Thu, 5 Jul 2018, 6:34 PM
Random HTTP 403 Errors 3 Raymond Frangie
Wed, 4 Jul 2018, 8:06 AM
ClamAV and FastCGI 4 Matteo Scaramuccia
Wed, 4 Jul 2018, 5:37 AM
Is Facebook review required for Facebook login? 0 Claus Tøndering
Sat, 30 Jun 2018, 5:31 PM
Fix Blind SQL Injection 8 Ken Task
Fri, 29 Jun 2018, 6:59 PM
Some student is stealing other students passwords 2 Conn Warwicker
Thu, 21 Jun 2018, 9:37 PM
GDPR - How does retention period work? 5 Richard van Iwaarden
Thu, 21 Jun 2018, 9:16 PM
Disabled permission in admin 0 Luis Flores
Wed, 20 Jun 2018, 1:45 AM
SSL implementation on Moodle 2.7.x 2 Steven Borch
Tue, 19 Jun 2018, 10:09 PM
Policy type 1 Sara Arjona Téllez
Fri, 15 Jun 2018, 5:30 PM
reset admin password? 7 Leonel Felipe Morales Avella
Fri, 15 Jun 2018, 12:09 AM
User policies > Show user identity field ignored when exporting grades 0 Eoin Campbell
Thu, 7 Jun 2018, 5:09 PM
Multilang policies 0 Andrzej Gal
Thu, 7 Jun 2018, 3:27 PM
Invalid permissions detected in $CFG->dataroot directory, administrator has to fix permissions 0 Jukka Kylliäinen
Tue, 5 Jun 2018, 7:50 PM
Is a logged action created when a user is deleted via a privacy data request? 0 Mike Churchward
Tue, 5 Jun 2018, 3:57 AM
Password security options 2 Dave Perry
Wed, 30 May 2018, 5:05 PM
Data registry - Data Requests when not using it, and 'Subject Scope' 0 Mark Chaney
Wed, 30 May 2018, 4:45 PM
Create new User via Webservice 6 Lê Tú
Wed, 30 May 2018, 3:21 PM
were can I find exhaustive documentation on the GDPR data registry? 2 stefan weber
Tue, 29 May 2018, 5:31 PM
Corrections to the Moodle landscape as a result of the Facebook's breaches 5 Visvanath Ratnaweera
Mon, 28 May 2018, 11:15 PM
Problem with "Force users to log in" option 1 Zoran Jancic
Mon, 28 May 2018, 5:24 PM
GPDR plugin for 2.X moodle 3 koen roggemans
Sat, 26 May 2018, 2:00 AM
GDPR - Manually trigger deletion requests 5 Jan Dageförde
Fri, 25 May 2018, 5:37 PM
GDPR Course retention varies by qual type 15 Mark Chaney
Fri, 25 May 2018, 3:41 PM
GDPR and forum forced subscription 4 Christos Savva
Thu, 24 May 2018, 3:58 PM
Pollicies 0 Andrzej Gal
Wed, 23 May 2018, 7:43 PM
GDPR Privacy API for advanced grading methods 2 Marcus Green
Wed, 23 May 2018, 4:13 PM
How to assess a data breach 5 Visvanath Ratnaweera
Tue, 22 May 2018, 9:40 PM
GDPR plugins: display consent option on first screen? 0 Stewart Carswell
Tue, 22 May 2018, 7:06 PM
DSAR's and Redaction 2 Tim Gildersleeve
Mon, 21 May 2018, 2:48 PM
GDPR plugins Moodle 3.3 5 Ken Task
Sun, 20 May 2018, 8:42 PM
Plugin support for privacy API (split from EU General Data Protection Regulation (GDPR) compliance) 3 Jean-Michel Védrine
Sun, 20 May 2018, 7:08 PM
External tool and CSRF 0 Nicanor García
Wed, 16 May 2018, 11:30 PM
Background info to / clarification on CVE-2017-7298? 0 Temp Account
Wed, 16 May 2018, 1:25 PM
monitoring course changes 3 Jennifer Meyer
Tue, 15 May 2018, 9:19 PM
monitoring course changes 0 Jennifer Meyer
Tue, 15 May 2018, 2:29 AM
Incoming mail configuration with Google accounts detected as insecure 11 Iñigo Zendegi Urzelai
Mon, 14 May 2018, 3:22 PM
automated backups 6 Paul Raper
Mon, 14 May 2018, 3:05 AM
data privacy plugin 3.3.5 hanging in cron 10 Tim Gildersleeve
Fri, 11 May 2018, 4:08 PM
ClamAV - clamdscan 3 callum Wood
Fri, 4 May 2018, 6:14 PM
GDPR Policies Plugin - Any facility for Optional? 4 Randy Thornton
Wed, 2 May 2018, 11:55 PM
Migrating my Moodle Site From HTTP to HTTPS 3 callum Wood
Wed, 2 May 2018, 7:16 PM
I think we were hacked 8 Ken Task
Wed, 2 May 2018, 6:45 AM
https & sensitive info 5 Visvanath Ratnaweera
Wed, 2 May 2018, 1:25 AM
Moodle 'Site News' is public, it needs to be private. Help. 2 roshan kolar
Tue, 1 May 2018, 1:31 PM
GDPR: config settings as user preferences in blocks 6 Randy Thornton
Tue, 1 May 2018, 12:44 AM
Policy & Privacy Plugin help 3 Mark Lewis
Sun, 29 Apr 2018, 7:45 PM
GDPR and Custom Reports 2 Randy Thornton
Fri, 27 Apr 2018, 11:49 AM
Delete "graduated" students (GDPR) 1 Randy Thornton
Fri, 27 Apr 2018, 11:45 AM
Hiding Student Names from Graders 1 John Provasnik
Fri, 27 Apr 2018, 3:17 AM
Same moodle server to cater both Intranet & Internet 9 Ken Task
Wed, 25 Apr 2018, 6:01 PM
Erasing optional field data 6 Alicia Wallace
Tue, 24 Apr 2018, 6:43 PM
Bug bounty by Detectify 1 Marina Glancy
Tue, 24 Apr 2018, 11:13 AM
You are considered to be a digital minor 4 Bente Olsen
Sun, 22 Apr 2018, 3:53 AM
saml - sso error 1 Ken Task
Wed, 18 Apr 2018, 2:16 AM
GDPR plugins - Category & Purpose 6 Adrian Greeve
Tue, 17 Apr 2018, 4:42 PM
Trusted content permission does not work for Teacher role, XSS vulnerable? 2 Sascha Leblanc
Tue, 17 Apr 2018, 3:36 AM
Report page visible to web 3 Ken Task
Sat, 14 Apr 2018, 12:57 AM
Privacy / Site / Cookie Policies (GDPR) 2 Gareth J Barnard
Wed, 11 Apr 2018, 6:28 PM
pseudonymization/anonymization of deleted users 2 Alexandra F
Tue, 10 Apr 2018, 7:51 PM
user always online 3 Visvanath Ratnaweera
Fri, 6 Apr 2018, 3:28 PM
Security vulnerability 0 İdiye ÖKTEN
Tue, 3 Apr 2018, 8:51 PM
Limit Course Access by Special LDAP Attribute 0 Jeff Jones
Sat, 31 Mar 2018, 1:21 AM
Plugins DB and external services (GDPR related) 1 Andrew Nicols
Fri, 30 Mar 2018, 7:12 AM
Moodle security 6 Mathew Gancarz
Thu, 29 Mar 2018, 10:45 PM
Moodle blocked out after IP listing 1 Visvanath Ratnaweera
Wed, 28 Mar 2018, 3:53 AM
Ferpa and moodle 20 Rick Jerz
Mon, 26 Mar 2018, 11:19 PM
Privacy issue: how to disable Analytics completely 7 Randy Thornton
Wed, 21 Mar 2018, 12:39 PM
Database encryption 1 Mathew Gancarz
Wed, 21 Mar 2018, 5:12 AM
Authentication Keys Plugin Needed 0 Donna Betancourt
Fri, 9 Mar 2018, 10:54 AM
Privacy concens regarding the mobile push notifications 16 Beni Keller
Mon, 5 Mar 2018, 1:34 AM
restrict guest access for courses in a specific category 5 Emma Richardson
Sun, 4 Mar 2018, 8:44 PM
Hacked or some kind of update? 1 Moodle Admin
Wed, 28 Feb 2018, 3:52 AM
Locking documents so that they can not be printed or downloaded directly? 5 Randy Thornton
Tue, 27 Feb 2018, 3:49 AM
SSL implementation on Moodle 7 Syed Ali
Thu, 22 Feb 2018, 4:58 AM
Add Custom Salt to Unique Salt for Better Hashed Password? 2 Iñaki Arenaza
Sun, 18 Feb 2018, 9:02 PM
File permissions on webroot vs installing plugins 1 Ken Task
Tue, 6 Feb 2018, 8:26 PM
Plugin to upload and secure external exam results? 0 Ruth Horak
Mon, 5 Feb 2018, 11:58 PM
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()