Moodle security issues, particularly in the classroom setting, are crucial.
There are ways administrators can improve their Moodle security. So let's go over a couple of settings they have direct control over, along with some other Moodle security issues they may not even know about.
1. Password Trouble
The first Moodle security issue is passwords: administrators can set a number of password requirements for new users to raise the level of security on your Moodle site (against identity theft and unauthorized use of users' accounts).
To manage the password requirements, open your Administration block (as Admin) and click on Security / Site Policies [http://docs.moodle.org/en/Password_policy]
2. Login Attempts
By default, users can only attempt to log in 10 times with 1 user account before being "locked out" of that account for 15 minutes (many people have discovered this the hard way).
This protection measure helps prevent a user from repeatedly attempting to log in with another person's account [http://docs.moodle.org/24/en/error/moodle/errortoomanylogins]
3. Site Policies
A site administrator can set site policies affecting the security and privacy of the Moodle site in: Settings -> Site Administration -> Security -> Site Policies
Open to Google
Enabling this setting gives Google's "search spiders" guest access to your Moodle site. Furthermore, people coming to your site via a Google search will automatically be logged in as a guest.
4. Email-Based Self-Registration
The email-based self-registration authentication allows users to make their own accounts by means of the ‘Make brand-new account’ button on the login web page. Then they receive an e-mail at the address they specified in their account profile to confirm their account.
Enabling Email-Based Self-Registration
A Moodle site administrator can enable email-based self-registration in: Settings -> Site Administration -> Plugins -> Authentication -> Manage Authentication
Once the plugin is "turned on", email-based self-registration still has to be chosen in Course Settings -> Users -> Enrollment Method in the common enrollment setup for each course.
Caution About Moodle Security Issues
Allowing email self-registration creates a high risk of spammers creating accounts in order to use Moodle's forum posts, blog entries and so on for spamming.
This threat can be reduced by restricting self-registration to particular email domains, by turning on the "Allow Email Domain Setting" in Settings -> Site Administration -> Plugins -> Authentication -> Manage Authentication.
An optional "internal policy" an organization may adopt is to enable email-based self-registration only for a short time frame so that students can register their accounts. Once all of the students have successfully created their accounts, the administrator can disable this authentication method.
Note: The Email-Based Self-Registration authentication method plugin needs to be enabled for students who originally used this as their enrollment method to be able to log in.
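Restricting self-registration to particular email domains only helps if the match is anchored to the whole domain. The Python below is an added example (not Moodle's own code and not from the original article) comparing an anchored allowlist check with an unanchored suffix test; the entry format, function names and sample addresses are assumptions made for illustration.

```python
from typing import List, Optional

# Added illustration, not Moodle's code. Assumed setting format:
# space-separated entries; "school.example" matches exactly that domain,
# ".school.example" matches any subdomain of it.

def parse_allowlist(setting: str) -> List[str]:
    return [entry.lower() for entry in setting.split()]

def domain_of(email: str) -> Optional[str]:
    """Return the lowercase domain, or None if the address is malformed."""
    email = email.strip().lower()
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    if not local or not domain or domain.startswith(".") or ".." in domain:
        return None
    return domain

def is_allowed(email: str, setting: str) -> bool:
    """Anchored check: the whole domain must match an allowlist entry."""
    domain = domain_of(email)
    if domain is None:
        return False
    for entry in parse_allowlist(setting):
        if entry.startswith("."):
            # Leading dot forces a label boundary, so only real subdomains match.
            if domain.endswith(entry) and len(domain) > len(entry):
                return True
        elif domain == entry:
            return True
    return False

def naive_is_allowed(email: str, setting: str) -> bool:
    """Weak form for comparison: unanchored suffix test on the address."""
    return any(email.lower().endswith(e.lstrip("."))
               for e in parse_allowlist(setting))

# Constructed sample data (reserved .example names).
ALLOWLIST = "school.example .students.school.example"
SAMPLES = ["amy@school.example", "bob@cs.students.school.example",
           "eve@notschool.example", "x@y@school.example"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, is_allowed(addr, ALLOWLIST), naive_is_allowed(addr, ALLOWLIST))
```

The last two sample addresses pass the unanchored test but are rejected by the anchored one, which is the behaviour to confirm on a test account after setting the domain restriction.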
5. Enable ReCAPTCHA Element for Moodle Security Issues
Did you know ReCAPTCHA can be enabled on your Moodle site for the email-based self-registration method to authenticate users?
You will probably recognize the ReCAPTCHA element used in Moodle, as it is similar to ones you'll find on many other websites, and it is a method that guarantees you're a REAL person.
ReCAPTCHA is a program that helps tell whether whoever is trying to create an account or log in is a human or a computer system. It is used by many internet sites to prevent misuse by bots, or automated programs normally written to generate spam.
No computer program can "understand" the distorted content as well as human beings can, so bots cannot navigate websites protected by CAPTCHAs.
ReCAPTCHA can easily be enabled on your Moodle site if you are using email-based self-registration (here's where you can turn it off/on in a course: Settings -> Users -> Enrollment Methods -> Email-Based Self-Registration).
This is a good "spam defense" for your Moodle site when students use email-based self-registration to create new accounts: the ReCAPTCHA element is a challenge test used to establish that whatever is trying to register is actually a human.
6. Moodle Security Issues Update
Along with these simple security steps, Moodle.org also recommends that all Moodlers upgrade their site to the best possible version, so that other security vulnerabilities cannot be exploited on a Moodle site.
To find out about updates follow: http://moodle.org/security/