Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle

Before starting a new discussion topic, please check the Security FAQ and try a forum search.


New security issues should be reported in the Moodle Tracker with an appropriate security level.

DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance 97 Ewan McGhee
How can I block cURLs to eliminate phony accounts? 1 Ken Task
Firewall problem 3 Emma Richardson
Moodle reverse proxy and URL replace.php not working 11 Ken Task
security problem with mod/scorm/datamodel.php 1 Dan Marsden
Audit log of user activity 3 Rick Jerz
LDAP Authantication 3 Leon Stringer
Plugin privacy registry shows nothing 0 Lorin Toews
Password Issue with moodle 3.4.6 0 Tech Academy
Secure MP4 videos 5 Matt Bury
Is Moodle OWASP compliant? 1 Dan Marsden
login to Moodle from a script/application 3 Kris Van Gelder
Is there a way to completely delete users including all their data? 24 stefan weber
Confidentiality policy for forum / posts sent 0 Francis Vendrell
SSL installation 1 Jon Bolton
Password Reset Process 0 Pince AUS
LTI Vulnerability 4 Robert Kovacich
The Policy consent form for the teachers only? 1 Emma Richardson
Data export and GDPR comliance 3 Flotter Totte
Activity completion and GDPR compliance 2 Flotter Totte
Content lockdown 6 Jon Bolton
Anonymizing Data on Students 5 Zoran Jancic
Cookie Consent and Privacy Notice Popup 5 Fer Ed
Is thar any way to make Moodle site at least basicly GDPR compliant? 0 Zoran Jancic
Deleting old users 2 Zoran Jancic
Restricting Access by Cohort 1 Zoran Jancic
Deleting user accounts for users that are not using the system anymore 0 Zoran Jancic
Any Idea on the Possibility of Hacking? 2 Rafiq Muhammad
defining admin/mamager role for specific course 1 altan ahmet
Testing Moodle security 1 Tim Hunt
Changes to Password Procedure 3 Conor O'Neill
ssl problem 0 FaRzad Shami
can we make visible course only for an IP address ? 1 Ken Task
adding additional admins & assigning specific roles 3 altan ahmet
Cohorts View hidden categories 1 Dave Perry
Notifications regarding Data Privacy requests processing 0 seaghan moriarty
Removal of loginpasswordautocomplete Headaches 0 Wolf Ventir
Deleted users still show up in Forum thread overview 5 Alan Schrock
Does Moodle log admin activity? 2 Cathal O'Riordan
How long should HTTPS conversion run? 2 Zainab Iftikhar
Firewall Recommended Settings 4 Ali Arekat
OSSEC blocks ajax call 0 Venizia Venizia
Moodle 3.6.1+ (20181210) issue with tool_policy 2 Joost Elshoff
dataprivacy tool blocking cron job from running 0 stefan weber
GDPR is a no go for now 1 Tim Hunt
Can't edit moodle's password policy 2 Salome Tkhilaishvili
Suppression of advice about php register_global at documentation 0 Joan Cervan
User Policy and agrement 1 Ralf Hilgenstock
Lots of invalid login token errors in the logs 14 Diane Soini
SSL connection to Moodle DB? 33 Garrett Boone
Plugin privacy registry error 2 Andrew Nicols
How to Download my Personal Data or other's Data 16 Alan Schrock
Host with LiquidWeb - mod_security rules 2 Ken Task
ClamAV and Cwatch 4 Wynand Louw
Corrections to the Moodle landscape as a result of the Facebook's breaches 8 Visvanath Ratnaweera
ClamAV server 2 Matteo Scaramuccia
Restrict teacher's ability to backup courses including userdata? 2 stefan weber
GuardianKey - A new plugin of Security 0 Gesiel Bernardes
IP blocker error when access via html script 0 Karishma Tiwari
How do I finetune Website Copier HTTrack or Cyotek WebCopy? 0 Rolf Cper
disable video right click 1 Rick Jerz
Cell-like groups possible? 0 Sam Stevens
Quiz Answers "Keywords" Not Working 3 deepak rs
User's Choice of Course 0 deepak rs
adding a wildcard security ssl for a plugin 0 Aretha Etienne
Unable to Log In as admin - Moodle 3.5 1 Emma Richardson
Manual enrollment and obligate change password 0 Reinier Batterink
HTTPS issue 1 Chris Nelson
ClamAV Plugin Config Paths 3 Wolf Ventir
content protection method 2 dave lewis
No checkboxes on Data Requests page 2 Alex Sandu
reset admin password? 9 Lea Cohen
HTTP to HTTPS 1 Ken Task
data privacy plugin 3.3.5 hanging in cron 11 John Packiaraj
The perils of the BIG "helping" school IT 1 Visvanath Ratnaweera
Problem with HTTPS 1 AL Rachels
Fast registration possible? 6 Visvanath Ratnaweera
looking for vulnerable (old) plugins for Moodle 1 Dan Marsden
Completely isolated courses 10 Kerstin Namuth
Privacy Policy - Different Languages 5 Ralf Hilgenstock
email alert when new users are created 2 Raman Joshi
Need Assistance on Installing SSL Wildcard Certificate Moodle3.2.4 Apache 0 Aretha Etienne
Mail bomb afther update 6-11-2018 4 Ralf Hilgenstock
Password recovery from login page : a strange screen 1 Emma Richardson
Data requests retention period 2 Leon Erasmus
Building in SHA-256 hashing for javascript 15 Garrett Boone
Can my instructor see my activities outside his course? 1 Tim Hunt
Secure coukies 0 mimi nom
A required parameter token was missing 2 Ross Quinnell
Contacts tab in messaging provides list of all users (GDPR issue?) 8 Gemma Lesterhuis
[3.5]Insecure files/folders Moodle? 2 Richard van Iwaarden
XSS Trusted Users list longer than it should be given our settings 3 Janet Osborne
Getting ClamAV Daemon working in Ubuntu 18.04 0 Mark Sharp
restrict guest access for courses in a specific category 6 Louise Hawkins
Data registry and data deletion 1 Andrew Nicols
When logging in, I'm getting a "logout/cancel" popup every time 3 Jan Waginski
Deceptive site ahead - Phishing 6 Ken Task
Securing the platform and databases best approach? 7 Jerry Lau
User data in joint activities 0 Kerstin Namuth
Is there a way to set manager role to be able to enroll student to certain Course categories only? 0 Maddy Fu