Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle
Forum moderator: Marina Glancy

Before starting a new discussion topic, please check the Security FAQ and try a forum search.

DO NOT REPORT NEW VULNERABILITIES HERE!

New security issues should be reported in the Moodle Tracker with an appropriate security level.


Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()
DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance 96 Visvanath Ratnaweera
Wed, 9 May 2018, 1:08 AM
Some student is stealing other students passwords 2 Conn Warwicker
Thu, 21 Jun 2018, 9:37 PM
GDPR - How does retention period work? 5 Richard van Iwaarden
Thu, 21 Jun 2018, 9:16 PM
Disabled permission in admin 0 Luis Flores
Wed, 20 Jun 2018, 1:45 AM
SSL implementation on Moodle 2.7.x 2 Steven Borch
Tue, 19 Jun 2018, 10:09 PM
Policy type 1 Sara Arjona Téllez
Fri, 15 Jun 2018, 5:30 PM
reset admin password? 7 Leonel Felipe Morales Avella
Fri, 15 Jun 2018, 12:09 AM
GDPR Plugins - some questions 30 shinji yamazaki
Thu, 14 Jun 2018, 11:03 AM
User policies > Show user identity field ignored when exporting grades 0 Eoin Campbell
Thu, 7 Jun 2018, 5:09 PM
Multilang policies 0 Andrzej Gal
Thu, 7 Jun 2018, 3:27 PM
Invalid permissions detected in $CFG->dataroot directory, administrator has to fix permissions 0 Jukka Kylliäinen
Tue, 5 Jun 2018, 7:50 PM
Is a logged action created when a user is deleted via a privacy data request? 0 Mike Churchward
Tue, 5 Jun 2018, 3:57 AM
Password security options 2 Dave Perry
Wed, 30 May 2018, 5:05 PM
Data registry - Data Requests when not using it, and 'Subject Scope' 0 Mark Chaney
Wed, 30 May 2018, 4:45 PM
Create new User via Webservice 6 Lê Tú
Wed, 30 May 2018, 3:21 PM
were can I find exhaustive documentation on the GDPR data registry? 2 stefan weber
Tue, 29 May 2018, 5:31 PM
Corrections to the Moodle landscape as a result of the Facebook's breaches 5 Visvanath Ratnaweera
Mon, 28 May 2018, 11:15 PM
Problem with "Force users to log in" option 1 Zoran Jancic
Mon, 28 May 2018, 5:24 PM
GPDR plugin for 2.X moodle 3 koen roggemans
Sat, 26 May 2018, 2:00 AM
GDPR - Manually trigger deletion requests 5 Jan Dageförde
Fri, 25 May 2018, 5:37 PM
GDPR Course retention varies by qual type 15 Mark Chaney
Fri, 25 May 2018, 3:41 PM
GDPR and forum forced subscription 4 Christos Savva
Thu, 24 May 2018, 3:58 PM
Pollicies 0 Andrzej Gal
Wed, 23 May 2018, 7:43 PM
GDPR Privacy API for advanced grading methods 2 Marcus Green
Wed, 23 May 2018, 4:13 PM
How to assess a data breach 5 Visvanath Ratnaweera
Tue, 22 May 2018, 9:40 PM
GDPR plugins: display consent option on first screen? 0 Stewart Carswell
Tue, 22 May 2018, 7:06 PM
DSAR's and Redaction 2 Tim Gildersleeve
Mon, 21 May 2018, 2:48 PM
GDPR plugins Moodle 3.3 5 Ken Task
Sun, 20 May 2018, 8:42 PM
Plugin support for privacy API (split from EU General Data Protection Regulation (GDPR) compliance) 3 Jean-Michel Védrine
Sun, 20 May 2018, 7:08 PM
External tool and CSRF 0 Nicanor García
Wed, 16 May 2018, 11:30 PM
Background info to / clarification on CVE-2017-7298? 0 Temp Account
Wed, 16 May 2018, 1:25 PM
monitoring course changes 3 Jennifer Meyer
Tue, 15 May 2018, 9:19 PM
monitoring course changes 0 Jennifer Meyer
Tue, 15 May 2018, 2:29 AM
Incoming mail configuration with Google accounts detected as insecure 11 Iñigo Zendegi Urzelai
Mon, 14 May 2018, 3:22 PM
automated backups 6 Paul Raper
Mon, 14 May 2018, 3:05 AM
data privacy plugin 3.3.5 hanging in cron 10 Tim Gildersleeve
Fri, 11 May 2018, 4:08 PM
ClamAV - clamdscan 3 callum Wood
Fri, 4 May 2018, 6:14 PM
GDPR Policies Plugin - Any facility for Optional? 4 Randy Thornton
Wed, 2 May 2018, 11:55 PM
Migrating my Moodle Site From HTTP to HTTPS 3 callum Wood
Wed, 2 May 2018, 7:16 PM
I think we were hacked 8 Ken Task
Wed, 2 May 2018, 6:45 AM
https & sensitive info 5 Visvanath Ratnaweera
Wed, 2 May 2018, 1:25 AM
Moodle 'Site News' is public, it needs to be private. Help. 2 roshan kolar
Tue, 1 May 2018, 1:31 PM
GDPR: config settings as user preferences in blocks 6 Randy Thornton
Tue, 1 May 2018, 12:44 AM
Policy & Privacy Plugin help 3 Mark Lewis
Sun, 29 Apr 2018, 7:45 PM
GDPR and Custom Reports 2 Randy Thornton
Fri, 27 Apr 2018, 11:49 AM
Delete "graduated" students (GDPR) 1 Randy Thornton
Fri, 27 Apr 2018, 11:45 AM
Hiding Student Names from Graders 1 John Provasnik
Fri, 27 Apr 2018, 3:17 AM
Same moodle server to cater both Intranet & Internet 9 Ken Task
Wed, 25 Apr 2018, 6:01 PM
Erasing optional field data 6 Alicia Wallace
Tue, 24 Apr 2018, 6:43 PM
Bug bounty by Detectify 1 Marina Glancy
Tue, 24 Apr 2018, 11:13 AM
You are considered to be a digital minor 4 Bente Olsen
Sun, 22 Apr 2018, 3:53 AM
saml - sso error 1 Ken Task
Wed, 18 Apr 2018, 2:16 AM
GDPR plugins - Category & Purpose 6 Adrian Greeve
Tue, 17 Apr 2018, 4:42 PM
Trusted content permission does not work for Teacher role, XSS vulnerable? 2 Sascha Leblanc
Tue, 17 Apr 2018, 3:36 AM
Report page visible to web 3 Ken Task
Sat, 14 Apr 2018, 12:57 AM
Privacy / Site / Cookie Policies (GDPR) 2 Gareth J Barnard
Wed, 11 Apr 2018, 6:28 PM
pseudonymization/anonymization of deleted users 2 Alexandra F
Tue, 10 Apr 2018, 7:51 PM
user always online 3 Visvanath Ratnaweera
Fri, 6 Apr 2018, 3:28 PM
Security vulnerability 0 İdiye ÖKTEN
Tue, 3 Apr 2018, 8:51 PM
Limit Course Access by Special LDAP Attribute 0 Jeff Jones
Sat, 31 Mar 2018, 1:21 AM
Plugins DB and external services (GDPR related) 1 Andrew Nicols
Fri, 30 Mar 2018, 7:12 AM
Moodle security 6 Mathew Gancarz
Thu, 29 Mar 2018, 10:45 PM
Moodle blocked out after IP listing 1 Visvanath Ratnaweera
Wed, 28 Mar 2018, 3:53 AM
Ferpa and moodle 20 Rick Jerz
Mon, 26 Mar 2018, 11:19 PM
Privacy issue: how to disable Analytics completely 7 Randy Thornton
Wed, 21 Mar 2018, 12:39 PM
Database encryption 1 Mathew Gancarz
Wed, 21 Mar 2018, 5:12 AM
Authentication Keys Plugin Needed 0 Donna Betancourt
Fri, 9 Mar 2018, 10:54 AM
Privacy concens regarding the mobile push notifications 16 Beni Keller
Mon, 5 Mar 2018, 1:34 AM
restrict guest access for courses in a specific category 5 Emma Richardson
Sun, 4 Mar 2018, 8:44 PM
Hacked or some kind of update? 1 Moodle Admin
Wed, 28 Feb 2018, 3:52 AM
Locking documents so that they can not be printed or downloaded directly? 5 Randy Thornton
Tue, 27 Feb 2018, 3:49 AM
SSL implementation on Moodle 7 Syed Ali
Thu, 22 Feb 2018, 4:58 AM
Add Custom Salt to Unique Salt for Better Hashed Password? 2 Iñaki Arenaza
Sun, 18 Feb 2018, 9:02 PM
File permissions on webroot vs installing plugins 1 Ken Task
Tue, 6 Feb 2018, 8:26 PM
Plugin to upload and secure external exam results? 0 Ruth Horak
Mon, 5 Feb 2018, 11:58 PM
LDAP and non-LDAP? 2 Mike Stewart
Mon, 5 Feb 2018, 11:21 PM
Virus detected on file download HELP! 7 Ken Task
Fri, 2 Feb 2018, 12:25 AM
ycfkurl reported 2 Tristin Mock
Wed, 31 Jan 2018, 6:18 AM
The Web Application Firewall Blocks Most of the Actions 1 Dan Marsden
Mon, 22 Jan 2018, 3:47 PM
Deny access to/Hide participant listing when logged in 4 Randy Thornton
Sat, 20 Jan 2018, 1:41 AM
Moodle Security Alerts - SPAM 1 Ken Task
Mon, 15 Jan 2018, 4:30 PM
Access to Moodle 5 Ray Lawrence
Thu, 11 Jan 2018, 8:13 PM
About the OAuth 2 services 2 Cheryl Tsai
Thu, 28 Dec 2017, 10:55 AM
Unauthorized person created an account 4 Walter Byrd
Sun, 17 Dec 2017, 3:29 AM
Moodle SimpleSAML Error 1 Leon Stringer
Fri, 15 Dec 2017, 7:15 PM
Use Self-Signed Certificate 6 Harsh Patel
Fri, 15 Dec 2017, 6:41 PM
SSL Cert on Content switch 3 Harsh Patel
Fri, 15 Dec 2017, 5:56 PM
Prevent seeing Permissions for others 1 Andy Hill
Fri, 15 Dec 2017, 2:28 PM
SSL setup issues on Moodle 3.2.3 4 Harsh Patel
Fri, 15 Dec 2017, 2:10 PM
Users can't see their own "full profile" 0 Krisha Moeller
Fri, 15 Dec 2017, 8:57 AM
ClamAV 1 Alain Raap
Thu, 14 Dec 2017, 7:51 PM
Moodle Login Form Encryption 2 James McLean
Tue, 12 Dec 2017, 6:18 PM
Site policy acceptance logs 3 Eric Katchan
Mon, 11 Dec 2017, 10:02 PM
Login and get someone else's account 5 Rachel Whitton
Fri, 8 Dec 2017, 4:46 PM
Students can see other students enrolled in a course 0 Jacques Technologies
Fri, 8 Dec 2017, 9:59 AM
DRM and Course content protection. 1 Dave Perry
Mon, 4 Dec 2017, 5:49 PM
Help with redirect from HTTP to HTTPS 14 Madison Quinn
Fri, 1 Dec 2017, 3:23 PM
a user with student privilege change another user's password 1 Mathew Gancarz
Wed, 29 Nov 2017, 3:56 AM
Privacy concerns using the Google Document Converter (annotate a pdf) 4 Sergio Rabellino
Sun, 26 Nov 2017, 9:38 PM
API test for Moodle (v2.6) with Postman 0 Shantanu Mitra
Sat, 25 Nov 2017, 10:21 PM
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()