Security and privacy

How to keep your Moodle site secure and methods for increasing privacy.

Documentation: Security, Security FAQ and Increasing privacy in Moodle
Forum moderator: Marina Glancy

Before starting a new discussion topic, please check the Security FAQ and try a forum search.

DO NOT REPORT NEW VULNERABILITIES HERE!

New security issues should be reported in the Moodle Tracker with an appropriate security level.


Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()
DiscussionStarted byRepliesLast post
PinnedEU General Data Protection Regulation (GDPR) compliance 97 Ewan McGhee
Mon, 15 Oct 2018, 5:23 PM
Privacy Policy - Different Languages 0 Stephen Oxlade
Fri, 19 Oct 2018, 6:26 PM
[3.5]Insecure files/folders Moodle? 2 Richard van Iwaarden
Fri, 19 Oct 2018, 5:26 AM
XSS Trusted Users list longer than it should be given our settings 3 Janet Osborne
Fri, 19 Oct 2018, 2:10 AM
Getting ClamAV Daemon working in Ubuntu 18.04 0 Mark Sharp
Fri, 19 Oct 2018, 12:18 AM
restrict guest access for courses in a specific category 6 Louise Hawkins
Wed, 10 Oct 2018, 8:44 PM
reset admin password? 8 Lahiru S Ranasinghe
Wed, 10 Oct 2018, 7:16 PM
Data registry and data deletion 1 Andrew Nicols
Wed, 10 Oct 2018, 8:39 AM
Contacts tab in messaging provides list of all users (GDPR issue?) 5 Kerstin Namuth
Mon, 8 Oct 2018, 9:55 PM
When logging in, I'm getting a "logout/cancel" popup every time 3 Jan Waginski
Mon, 8 Oct 2018, 2:25 PM
Deceptive site ahead - Phishing 6 Ken Task
Fri, 5 Oct 2018, 6:09 PM
SSL connection to Moodle DB? 0 Paul Martin
Tue, 2 Oct 2018, 11:32 PM
Securing the platform and databases best approach? 7 Jerry Lau
Tue, 2 Oct 2018, 3:06 AM
User data in joint activities 0 Kerstin Namuth
Fri, 28 Sep 2018, 4:32 PM
Is there a way to set manager role to be able to enroll student to certain Course categories only? 0 Maddy Fu
Wed, 26 Sep 2018, 9:32 AM
Changing Content on Alternate login URL 0 Jennifer Belisle
Mon, 24 Sep 2018, 11:16 PM
Is there a way to completely delete users including all their data? 7 Andrew Nicols
Thu, 20 Sep 2018, 7:14 PM
Incoming mail configuration with Google accounts detected as insecure 12 Iñigo Zendegi Urzelai
Mon, 17 Sep 2018, 12:40 PM
How to prevent script tag in search URL 1 Ruslan Kabalin
Fri, 14 Sep 2018, 10:44 PM
Define roles by IP address 0 Tamar Alania
Fri, 14 Sep 2018, 9:27 PM
Data privacy plugin and quizzes 3 Jonas Asa.
Fri, 14 Sep 2018, 6:23 PM
How long should HTTPS conversion run? 1 Marveen Joee
Fri, 14 Sep 2018, 4:09 AM
Students can see other students enrolled in a course 1 Mohamed Gad
Mon, 10 Sep 2018, 4:17 PM
Log in issue 3 Emma Richardson
Fri, 31 Aug 2018, 12:42 AM
Security for docs and videos in moodle 0 Jenn MapMaven
Wed, 29 Aug 2018, 9:40 PM
Could a quickly changing client IP upset the log in process? 3 Visvanath Ratnaweera
Fri, 24 Aug 2018, 6:39 PM
Backup policy 8 Ken Task
Wed, 22 Aug 2018, 12:33 PM
security Issue of Moodle 3 Richard van Iwaarden
Tue, 21 Aug 2018, 10:13 PM
Backup of user data 3 Mary Cooch
Fri, 17 Aug 2018, 9:30 PM
GDPR / data registry / data deletion plugins - questions, discussion and experiences 1 Howard Miller
Tue, 7 Aug 2018, 8:28 PM
Access Reserved to Moodle Maintenance Mode 1 Mary Cooch
Tue, 7 Aug 2018, 6:50 PM
Found Code injection in moodle instance 0 Prasanna H
Tue, 7 Aug 2018, 1:15 PM
Force HTTPS 1 Moodle Admin
Sun, 5 Aug 2018, 7:32 PM
problem in securing the login page 2 Moodle Admin
Sun, 5 Aug 2018, 7:24 PM
Deleting old users 1 Moodle Admin
Sun, 5 Aug 2018, 7:21 PM
using ClamAV to scan for malicious macros in office files 1 Moodle Admin
Sun, 5 Aug 2018, 6:56 PM
SQL injection via Scorm package 7 Matteo Scaramuccia
Wed, 1 Aug 2018, 6:13 PM
Folder and file permissions for Moodledata and Moodle 8 Matteo Scaramuccia
Tue, 31 Jul 2018, 10:17 PM
How to disable 3.5.1 cookie policy popup? 1 Randy Thornton
Wed, 25 Jul 2018, 3:56 AM
GDPR Plugins - some questions 32 Jun Pataleta
Thu, 19 Jul 2018, 9:24 AM
Cookie Consent and Privacy Notice Popup 4 Casero Patrizia
Thu, 19 Jul 2018, 3:15 AM
Recommendations for the permissions on the server 1 Visvanath Ratnaweera
Tue, 17 Jul 2018, 12:27 PM
Last login information on user profile 1 Ray Lawrence
Tue, 10 Jul 2018, 3:40 PM
Bugs: Code Injection in Moodle? 1 Tim Hunt
Tue, 10 Jul 2018, 2:07 AM
Critical Security Warning - Guest role 2 Emma Richardson
Mon, 9 Jul 2018, 8:04 PM
Students contact details hiden from each other 1 Emma Richardson
Mon, 9 Jul 2018, 7:59 PM
Verifying identity of students 3 altan ahmet
Thu, 5 Jul 2018, 6:34 PM
Random HTTP 403 Errors 3 Raymond Frangie
Wed, 4 Jul 2018, 8:06 AM
ClamAV and FastCGI 4 Matteo Scaramuccia
Wed, 4 Jul 2018, 5:37 AM
User deletion not GDPR compliant : personal data not deleted (lastip) 3 Adrian Greeve
Sun, 1 Jul 2018, 9:41 AM
Is Facebook review required for Facebook login? 0 Claus Tøndering
Sat, 30 Jun 2018, 5:31 PM
Fix Blind SQL Injection 8 Ken Task
Fri, 29 Jun 2018, 6:59 PM
Some student is stealing other students passwords 2 Conn Warwicker
Thu, 21 Jun 2018, 9:37 PM
GDPR - How does retention period work? 5 Richard van Iwaarden
Thu, 21 Jun 2018, 9:16 PM
Disabled permission in admin 0 Luis Flores
Wed, 20 Jun 2018, 1:45 AM
SSL implementation on Moodle 2.7.x 2 Steven Borch
Tue, 19 Jun 2018, 10:09 PM
Policy type 1 Sara Arjona Téllez
Fri, 15 Jun 2018, 5:30 PM
User policies > Show user identity field ignored when exporting grades 0 Eoin Campbell
Thu, 7 Jun 2018, 5:09 PM
Multilang policies 0 Piotr Widak
Thu, 7 Jun 2018, 3:27 PM
Invalid permissions detected in $CFG->dataroot directory, administrator has to fix permissions 0 Jukka Kylliäinen
Tue, 5 Jun 2018, 7:50 PM
Is a logged action created when a user is deleted via a privacy data request? 0 Mike Churchward
Tue, 5 Jun 2018, 3:57 AM
Password security options 2 Dave Perry
Wed, 30 May 2018, 5:05 PM
Data registry - Data Requests when not using it, and 'Subject Scope' 0 Mark Chaney
Wed, 30 May 2018, 4:45 PM
Create new User via Webservice 6 Lê Tú
Wed, 30 May 2018, 3:21 PM
were can I find exhaustive documentation on the GDPR data registry? 2 stefan weber
Tue, 29 May 2018, 5:31 PM
Corrections to the Moodle landscape as a result of the Facebook's breaches 5 Visvanath Ratnaweera
Mon, 28 May 2018, 11:15 PM
Problem with "Force users to log in" option 1 Zoran Jancic
Mon, 28 May 2018, 5:24 PM
GPDR plugin for 2.X moodle 3 koen roggemans
Sat, 26 May 2018, 2:00 AM
GDPR - Manually trigger deletion requests 5 Jan Dageförde
Fri, 25 May 2018, 5:37 PM
GDPR Course retention varies by qual type 15 Mark Chaney
Fri, 25 May 2018, 3:41 PM
GDPR and forum forced subscription 4 Christos Savva
Thu, 24 May 2018, 3:58 PM
Pollicies 0 Piotr Widak
Wed, 23 May 2018, 7:43 PM
GDPR Privacy API for advanced grading methods 2 Marcus Green
Wed, 23 May 2018, 4:13 PM
How to assess a data breach 5 Visvanath Ratnaweera
Tue, 22 May 2018, 9:40 PM
GDPR plugins: display consent option on first screen? 0 Stewart Carswell
Tue, 22 May 2018, 7:06 PM
DSAR's and Redaction 2 Tim Gildersleeve
Mon, 21 May 2018, 2:48 PM
GDPR plugins Moodle 3.3 5 Ken Task
Sun, 20 May 2018, 8:42 PM
Plugin support for privacy API (split from EU General Data Protection Regulation (GDPR) compliance) 3 Jean-Michel Védrine
Sun, 20 May 2018, 7:08 PM
External tool and CSRF 0 Nicanor García
Wed, 16 May 2018, 11:30 PM
Background info to / clarification on CVE-2017-7298? 0 Temp Account
Wed, 16 May 2018, 1:25 PM
monitoring course changes 3 Jennifer Meyer
Tue, 15 May 2018, 9:19 PM
monitoring course changes 0 Jennifer Meyer
Tue, 15 May 2018, 2:29 AM
automated backups 6 Paul Raper
Mon, 14 May 2018, 3:05 AM
data privacy plugin 3.3.5 hanging in cron 10 Tim Gildersleeve
Fri, 11 May 2018, 4:08 PM
ClamAV - clamdscan 3 callum Wood
Fri, 4 May 2018, 6:14 PM
GDPR Policies Plugin - Any facility for Optional? 4 Randy Thornton
Wed, 2 May 2018, 11:55 PM
Migrating my Moodle Site From HTTP to HTTPS 3 callum Wood
Wed, 2 May 2018, 7:16 PM
I think we were hacked 8 Ken Task
Wed, 2 May 2018, 6:45 AM
https & sensitive info 5 Visvanath Ratnaweera
Wed, 2 May 2018, 1:25 AM
Moodle 'Site News' is public, it needs to be private. Help. 2 roshan kolar
Tue, 1 May 2018, 1:31 PM
GDPR: config settings as user preferences in blocks 6 Randy Thornton
Tue, 1 May 2018, 12:44 AM
Policy & Privacy Plugin help 3 Mark Lewis
Sun, 29 Apr 2018, 7:45 PM
GDPR and Custom Reports 2 Randy Thornton
Fri, 27 Apr 2018, 11:49 AM
Delete "graduated" students (GDPR) 1 Randy Thornton
Fri, 27 Apr 2018, 11:45 AM
Hiding Student Names from Graders 1 John Provasnik
Fri, 27 Apr 2018, 3:17 AM
Same moodle server to cater both Intranet & Internet 9 Ken Task
Wed, 25 Apr 2018, 6:01 PM
Erasing optional field data 6 Alicia Wallace
Tue, 24 Apr 2018, 6:43 PM
Bug bounty by Detectify 1 Marina Glancy
Tue, 24 Apr 2018, 11:13 AM
You are considered to be a digital minor 4 Bente Olsen
Sun, 22 Apr 2018, 3:53 AM
saml - sso error 1 Ken Task
Wed, 18 Apr 2018, 2:16 AM
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 ()