Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle

Before starting a new discussion topic, please check the Security FAQ and try a forum search.


New security issues should be reported in the Moodle Tracker with an appropriate security level.

Discussion | Started by | Replies | Last post
Pinned: EU General Data Protection Regulation (GDPR) compliance 97 Ewan McGhee
User Policy and agreement 1 Ralf Hilgenstock
Lots of invalid login token errors in the logs 14 Diane Soini
SSL connection to Moodle DB? 33 Garrett Boone
Plugin privacy registry error 2 Andrew Nicols
How to Download my Personal Data or other's Data 16 Alan Schrock
Host with LiquidWeb - mod_security rules 2 Ken Task
ClamAV and Cwatch 4 Wynand Louw
Can't edit moodle's password policy 1 Emma Richardson
Corrections to the Moodle landscape as a result of the Facebook's breaches 8 Visvanath Ratnaweera
ClamAV server 2 Matteo Scaramuccia
Restrict teacher's ability to backup courses including userdata? 2 stefan weber
GuardianKey - A new plugin of Security 0 Gesiel Bernardes
IP blocker error when access via html script 0 Karishma Tiwari
How do I finetune Website Copier HTTrack or Cyotek WebCopy? 0 Rolf Cper
disable video right click 1 Rick Jerz
Cell-like groups possible? 0 Sam Stevens
Quiz Answers "Keywords" Not Working 3 deepak rs
User's Choice of Course 0 deepak rs
adding a wildcard security ssl for a plugin 0 Aretha Etienne
Unable to Log In as admin - Moodle 3.5 1 Emma Richardson
Manual enrollment and obligate change password 0 Reinier Batterink
HTTPS issue 1 Chris Nelson
ClamAV Plugin Config Paths 3 Wolf Ventir
content protection method 2 dave lewis
No checkboxes on Data Requests page 2 Alex Sandu
reset admin password? 9 Lea Cohen
HTTP to HTTPS 1 Ken Task
data privacy plugin 3.3.5 hanging in cron 11 John Packiaraj
The perils of the BIG "helping" school IT 1 Visvanath Ratnaweera
Problem with HTTPS 1 AL Rachels
Fast registration possible? 6 Visvanath Ratnaweera
looking for vulnerable (old) plugins for Moodle 1 Dan Marsden
Completely isolated courses 10 Kerstin Namuth
Privacy Policy - Different Languages 5 Ralf Hilgenstock
email alert when new users are created 2 Raman Joshi
Need Assistance on Installing SSL Wildcard Certificate Moodle3.2.4 Apache 0 Aretha Etienne
Mail bomb after update 6-11-2018 4 Ralf Hilgenstock
Password recovery from login page : a strange screen 1 Emma Richardson
Data requests retention period 2 Leon Erasmus
Building in SHA-256 hashing for javascript 15 Garrett Boone
Can my instructor see my activities outside his course? 1 Tim Hunt
Secure cookies 0 mimi nom
A required parameter token was missing 2 Ross Quinnell
Contacts tab in messaging provides list of all users (GDPR issue?) 8 Gemma Lesterhuis
[3.5]Insecure files/folders Moodle? 2 Richard van Iwaarden
XSS Trusted Users list longer than it should be given our settings 3 Janet Osborne
Getting ClamAV Daemon working in Ubuntu 18.04 0 Mark Sharp
restrict guest access for courses in a specific category 6 Louise Hawkins
Data registry and data deletion 1 Andrew Nicols
When logging in, I'm getting a "logout/cancel" popup every time 3 Jan Waginski
Deceptive site ahead - Phishing 6 Ken Task
Securing the platform and databases best approach? 7 Jerry Lau
User data in joint activities 0 Kerstin Namuth
Is there a way to set manager role to be able to enroll student to certain Course categories only? 0 Maddy Fu
Changing Content on Alternate login URL 0 Jennifer Belisle
Is there a way to completely delete users including all their data? 7 Andrew Nicols
Incoming mail configuration with Google accounts detected as insecure 12 Iñigo Zendegi Urzelai
How to prevent script tag in search URL 1 Ruslan Kabalin
Define roles by IP address 0 Tamar Alania
Data privacy plugin and quizzes 3 Jonas Asa.
How long should HTTPS conversion run? 1 Marveen Joee
Students can see other students enrolled in a course 1 Mohamed Gad
Log in issue 3 Emma Richardson
Security for docs and videos in moodle 0 Jenn MapMaven
Could a quickly changing client IP upset the log in process? 3 Visvanath Ratnaweera
Backup policy 8 Ken Task
security Issue of Moodle 3 Richard van Iwaarden
Backup of user data 3 Mary Cooch
GDPR / data registry / data deletion plugins - questions, discussion and experiences 1 Howard Miller
Access Reserved to Moodle Maintenance Mode 1 Mary Cooch
Found Code injection in moodle instance 0 Prasanna H
Force HTTPS 1 Moodle Admin
problem in securing the login page 2 Moodle Admin
Deleting old users 1 Moodle Admin
using ClamAV to scan for malicious macros in office files 1 Moodle Admin
SQL injection via Scorm package 7 Matteo Scaramuccia
Folder and file permissions for Moodledata and Moodle 8 Matteo Scaramuccia
How to disable 3.5.1 cookie policy popup? 1 Randy Thornton
GDPR Plugins - some questions 32 Jun Pataleta
Cookie Consent and Privacy Notice Popup 4 Casero Patrizia
Recommendations for the permissions on the server 1 Visvanath Ratnaweera
Last login information on user profile 1 Ray Lawrence
Bugs: Code Injection in Moodle? 1 Tim Hunt
Critical Security Warning - Guest role 2 Emma Richardson
Students contact details hidden from each other 1 Emma Richardson
Verifying identity of students 3 altan ahmet
Random HTTP 403 Errors 3 Raymond Frangie
ClamAV and FastCGI 4 Matteo Scaramuccia
User deletion not GDPR compliant : personal data not deleted (lastip) 3 Adrian Greeve
Is Facebook review required for Facebook login? 0 Claus Tøndering
Fix Blind SQL Injection 8 Ken Task
Some student is stealing other students passwords 2 Conn Warwicker
GDPR - How does retention period work? 5 Richard van Iwaarden
Disabled permission in admin 0 Luis Flores
SSL implementation on Moodle 2.7.x 2 Steven Borch
Policy type 1 Sara Arjona Téllez
User policies > Show user identity field ignored when exporting grades 0 Eoin Campbell
Multilang policies 0 Piotr Widak
Invalid permissions detected in $CFG->dataroot directory, administrator has to fix permissions 0 Jukka Kylliäinen