Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle

Before starting a new discussion topic, please check the Security FAQ and try a forum search.

DO NOT REPORT NEW VULNERABILITIES HERE!

New security issues should be reported in the Moodle Tracker with an appropriate security level.


Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()
DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance 97 Ewan McGhee
Wed, 17 May 2017, 9:03 PM
How to Download my Personal Data or other's Data 10 Alan Schrock
Thu, 29 Nov 2018, 10:50 PM
ClamAV server 1 Dave Perry
Wed, 12 Dec 2018, 5:07 PM
How do I finetune Website Copier HTTrack or Cyotek WebCopy? 0 Rolf Cper
Wed, 12 Dec 2018, 5:01 PM
disable video right click 1 Rick Jerz
Sat, 8 Dec 2018, 3:14 AM
Cell-like groups possible? 0 Sam Stevens
Wed, 5 Dec 2018, 5:18 PM
Quiz Answers "Keywords" Not Working 3 deepak rs
Tue, 4 Dec 2018, 1:36 AM
User's Choice of Course 0 deepak rs
Tue, 4 Dec 2018, 1:20 AM
adding a wildcard security ssl for a plugin 0 Aretha Etienne
Sat, 1 Dec 2018, 1:51 AM
Unable to Log In as admin - Moodle 3.5 1 Emma Richardson
Fri, 30 Nov 2018, 7:01 PM
Manual enrollment and obligate change password 0 Reinier Batterink
Fri, 30 Nov 2018, 4:41 PM
HTTPS issue 1 Chris Nelson
Wed, 28 Nov 2018, 9:48 AM
ClamAV Plugin Config Paths 3 Wolf Ventir
Wed, 21 Nov 2018, 4:44 AM
Corrections to the Moodle landscape as a result of the Facebook's breaches 7 Visvanath Ratnaweera
Tue, 27 Mar 2018, 11:18 PM
content protection method 2 dave lewis
Mon, 26 Nov 2018, 8:31 PM
No checkboxes on Data Requests page 2 Alex Sandu
Thu, 22 Nov 2018, 11:15 PM
reset admin password? 9 Lea Cohen
Tue, 6 Jun 2017, 4:44 AM
HTTP to HTTPS 1 Ken Task
Sun, 25 Nov 2018, 7:13 AM
data privacy plugin 3.3.5 hanging in cron 11 John Packiaraj
Wed, 9 May 2018, 5:25 PM
The perils of the BIG "helping" school IT 1 Visvanath Ratnaweera
Mon, 19 Nov 2018, 7:42 PM
Problem with HTTPS 1 AL Rachels
Mon, 19 Nov 2018, 11:03 AM
Fast registration possible? 6 Visvanath Ratnaweera
Fri, 9 Nov 2018, 9:38 PM
looking for vulnerable (old) plugins for Moodle 1 Dan Marsden
Mon, 19 Nov 2018, 4:11 AM
Completely isolated courses 10 Kerstin Namuth
Fri, 9 Nov 2018, 4:58 AM
Privacy Policy - Different Languages 5 Ralf Hilgenstock
Fri, 19 Oct 2018, 6:26 PM
email alert when new users are created 2 Raman Joshi
Fri, 9 Nov 2018, 6:09 PM
Need Assistance on Installing SSL Wildcard Certificate Moodle3.2.4 Apache 0 Aretha Etienne
Mon, 12 Nov 2018, 10:54 PM
Mail bomb afther update 6-11-2018 4 Ralf Hilgenstock
Thu, 8 Nov 2018, 3:00 PM
Password recovery from login page : a strange screen 1 Emma Richardson
Wed, 7 Nov 2018, 8:09 AM
Data requests retention period 2 Leon Erasmus
Fri, 9 Nov 2018, 2:15 PM
Building in SHA-256 hashing for javascript 15 Garrett Boone
Mon, 22 Oct 2018, 8:47 PM
Can my instructor see my activities outside his course? 1 Tim Hunt
Mon, 5 Nov 2018, 9:34 AM
Secure coukies 0 mimi nom
Sat, 3 Nov 2018, 5:40 PM
A required parameter token was missing 2 Ross Quinnell
Fri, 26 Oct 2018, 10:42 PM
SSL connection to Moodle DB? 13 Garrett Boone
Tue, 2 Oct 2018, 11:32 PM
Contacts tab in messaging provides list of all users (GDPR issue?) 8 Gemma Lesterhuis
Thu, 20 Sep 2018, 4:29 PM
[3.5]Insecure files/folders Moodle? 2 Richard van Iwaarden
Thu, 18 Oct 2018, 7:21 PM
XSS Trusted Users list longer than it should be given our settings 3 Janet Osborne
Sat, 11 Aug 2018, 7:39 AM
Getting ClamAV Daemon working in Ubuntu 18.04 0 Mark Sharp
Fri, 19 Oct 2018, 12:18 AM
restrict guest access for courses in a specific category 6 Louise Hawkins
Thu, 10 Aug 2017, 7:25 PM
Data registry and data deletion 1 Andrew Nicols
Tue, 9 Oct 2018, 11:50 PM
When logging in, I'm getting a "logout/cancel" popup every time 3 Jan Waginski
Thu, 4 Oct 2018, 7:48 PM
Deceptive site ahead - Phishing 6 Ken Task
Thu, 4 Oct 2018, 12:44 AM
Securing the platform and databases best approach? 7 Jerry Lau
Sun, 23 Sep 2018, 1:58 AM
User data in joint activities 0 Kerstin Namuth
Fri, 28 Sep 2018, 4:32 PM
Is there a way to set manager role to be able to enroll student to certain Course categories only? 0 Maddy Fu
Wed, 26 Sep 2018, 9:32 AM
Changing Content on Alternate login URL 0 Jennifer Belisle
Mon, 24 Sep 2018, 10:58 PM
Is there a way to completely delete users including all their data? 7 Andrew Nicols
Tue, 18 Sep 2018, 8:53 PM
Incoming mail configuration with Google accounts detected as insecure 12 Iñigo Zendegi Urzelai
Mon, 5 Mar 2018, 9:06 PM
How to prevent script tag in search URL 1 Ruslan Kabalin
Fri, 14 Sep 2018, 3:12 PM
Define roles by IP address 0 Tamar Alania
Fri, 14 Sep 2018, 9:27 PM
Data privacy plugin and quizzes 3 Jonas Asa.
Thu, 13 Sep 2018, 11:36 PM
How long should HTTPS conversion run? 1 Marveen Joee
Wed, 15 Aug 2018, 8:05 PM
Students can see other students enrolled in a course 1 Mohamed Gad
Fri, 8 Dec 2017, 9:59 AM
Log in issue 3 Emma Richardson
Thu, 23 Aug 2018, 9:43 PM
Security for docs and videos in moodle 0 Jenn MapMaven
Wed, 29 Aug 2018, 9:40 PM
Could a quickly changing client IP upset the log in process? 3 Visvanath Ratnaweera
Wed, 22 Aug 2018, 8:10 PM
Backup policy 8 Ken Task
Thu, 12 Jul 2018, 8:39 PM
security Issue of Moodle 3 Richard van Iwaarden
Tue, 21 Aug 2018, 9:34 PM
Backup of user data 3 Mary Cooch
Wed, 15 Aug 2018, 8:32 PM
GDPR / data registry / data deletion plugins - questions, discussion and experiences 1 Howard Miller
Tue, 7 Aug 2018, 7:00 PM
Access Reserved to Moodle Maintenance Mode 1 Mary Cooch
Tue, 7 Aug 2018, 6:38 PM
Found Code injection in moodle instance 0 Prasanna H
Tue, 7 Aug 2018, 1:15 PM
Force HTTPS 1 Moodle Admin
Wed, 4 Jul 2018, 6:49 PM
problem in securing the login page 2 Moodle Admin
Wed, 25 Jul 2018, 8:26 PM
Deleting old users 1 Moodle Admin
Tue, 31 Jul 2018, 5:35 PM
using ClamAV to scan for malicious macros in office files 1 Moodle Admin
Tue, 31 Jul 2018, 8:25 PM
SQL injection via Scorm package 7 Matteo Scaramuccia
Mon, 23 Jul 2018, 10:21 PM
Folder and file permissions for Moodledata and Moodle 8 Matteo Scaramuccia
Thu, 26 Jul 2018, 7:11 PM
How to disable 3.5.1 cookie policy popup? 1 Randy Thornton
Wed, 25 Jul 2018, 12:59 AM
GDPR Plugins - some questions 32 Jun Pataleta
Thu, 19 Apr 2018, 9:13 PM
Cookie Consent and Privacy Notice Popup 4 Casero Patrizia
Fri, 13 Jul 2018, 9:41 PM
Recommendations for the permissions on the server 1 Visvanath Ratnaweera
Mon, 16 Jul 2018, 6:19 PM
Last login information on user profile 1 Ray Lawrence
Mon, 9 Jul 2018, 7:24 PM
Bugs: Code Injection in Moodle? 1 Tim Hunt
Tue, 10 Jul 2018, 12:11 AM
Critical Security Warning - Guest role 2 Emma Richardson
Mon, 2 Jul 2018, 7:44 PM
Students contact details hiden from each other 1 Emma Richardson
Mon, 9 Jul 2018, 7:21 PM
Verifying identity of students 3 altan ahmet
Wed, 4 Jul 2018, 10:45 PM
Random HTTP 403 Errors 3 Raymond Frangie
Mon, 2 Jul 2018, 1:37 PM
ClamAV and FastCGI 4 Matteo Scaramuccia
Mon, 2 Jul 2018, 9:38 PM
User deletion not GDPR compliant : personal data not deleted (lastip) 3 Adrian Greeve
Fri, 29 Jun 2018, 4:45 PM
Is Facebook review required for Facebook login? 0 Claus Tøndering
Sat, 30 Jun 2018, 5:31 PM
Fix Blind SQL Injection 8 Ken Task
Tue, 26 Jun 2018, 5:11 AM
Some student is stealing other students passwords 2 Conn Warwicker
Wed, 20 Jun 2018, 2:34 AM
GDPR - How does retention period work? 5 Richard van Iwaarden
Wed, 6 Jun 2018, 5:56 PM
Disabled permission in admin 0 Luis Flores
Wed, 20 Jun 2018, 1:45 AM
SSL implementation on Moodle 2.7.x 2 Steven Borch
Mon, 18 Jun 2018, 11:01 PM
Policy type 1 Sara Arjona Téllez
Thu, 14 Jun 2018, 6:12 PM
User policies > Show user identity field ignored when exporting grades 0 Eoin Campbell
Thu, 7 Jun 2018, 5:09 PM
Multilang policies 0 Piotr Widak
Thu, 7 Jun 2018, 3:27 PM
Invalid permissions detected in $CFG->dataroot directory, administrator has to fix permissions 0 Jukka Kylliäinen
Tue, 5 Jun 2018, 7:50 PM
Is a logged action created when a user is deleted via a privacy data request? 0 Mike Churchward
Tue, 5 Jun 2018, 3:57 AM
Password security options 2 Dave Perry
Tue, 29 May 2018, 8:56 PM
Data registry - Data Requests when not using it, and 'Subject Scope' 0 Mark Chaney
Wed, 30 May 2018, 4:45 PM
Create new User via Webservice 6 Lê Tú
Tue, 13 Feb 2018, 3:17 PM
were can I find exhaustive documentation on the GDPR data registry? 2 stefan weber
Fri, 25 May 2018, 3:01 AM
Problem with "Force users to log in" option 1 Zoran Jancic
Thu, 24 May 2018, 10:54 PM
GPDR plugin for 2.X moodle 3 koen roggemans
Wed, 23 May 2018, 8:34 PM
GDPR - Manually trigger deletion requests 5 Jan Dageförde
Wed, 23 May 2018, 11:39 PM
GDPR Course retention varies by qual type 15 Mark Chaney
Fri, 4 May 2018, 5:22 PM
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()