Moodle platforms store a lot of data. From email addresses to messages, your platform will quickly build up plenty of information on the people who use it.
This isn’t a bad thing. In fact, a Moodle platform is expected to contain this information. But what is essential is that you have the correct security measures in place so that your platform’s data can’t be hacked or disrupted by malicious parties.
We work with educational institutions that hold sensitive information on students through to large organisations with platforms containing information on tens of thousands of users. And in each case, we take careful consideration to make sure their platforms are entirely secure.
In this article, we’ll explain the importance of security for your platform, the security features that Moodle already has, as well as some tips and tricks to make your platform as safe as possible.
01 When things go wrong
In 2017, a malicious ransomware attack called WannaCry was launched targeting computers that used Windows operating systems. One of the most publicised in memory, the ransomware affected up to 200,000 computers in over 150 computers worldwide.
Eventually, the response from Microsoft and security organisations brought the situation under control. Still, the damage had already been done for many organisations, costing billions of pounds.
After reviews of how this ransomware managed to cause so much damage, it was revealed that Microsoft had already released a security patch that worked against the attack. The computers that were affected hadn’t installed this latest patch.
Similarly, Moodle releases new versions of its platform bi-annually. For the most part, these updates introduce new features to your Moodle platform, but they also bring in the latest security features. As it stands, only Moodle versions 3.9.8 and above have the newest security certificate, so if your platform isn’t on that version, it’s time to upgrade.
02 The security features of Moodle
Moodle is designed to be secure.
From its early development through today, Moodle follows a strict development process called ‘security by design’. This means that any development or change that Moodle introduces has the platform’s security at its forefront. A full list of these security by design processes can be found here.
Moodle will never collect, use or monetise any data you store on your Moodle platform. Which alongside the various policy documents and data request tools accessible here means your platform will be fully GDPR compliant.
We’ve often spoken about the benefits of Moodle Plugins (such as H5P), and because they’re usually made by third party sources, we’re often asked how secure they are. Moodle requires all available plugins to implement a Privacy API to make sure they’re GDPR compliant.
Finally, Moodle deploys a proactive security testing and vulnerability disclosure program. Moodle collaborates with Bugcrowd, which allows global security researchers to test Moodle constantly. Beyond this, Moodle also has the benefit of its massive user base. At any one time there are millions of administrators and security experts monitoring any potential vulnerabilities and reporting them through the vulnerability disclosure program.
03 Moodle’s recommended top tips for security
Moodle also has recommendations you can implement to add an extra layer of safety. Here’s what you can do:
1.) Register your Moodle site – Doing this means you’ll be alerted immediately when new Moodle versions are released, allowing you to stay on top of the latest security features.
2.) Back-up your site regularly – You can make a save of your platform so that if any issues do occur, you can restore to a version before it happened.
3.) Follow the principle of ‘least privilege’ – A hierarchical structure meaning the few at the top, such as administrators, will have access to the most information. Whilst the many at the bottom, such as learners, have access to the least information. It’s also important to make sure that users only have access to the content which is relevant to them.
4.) Configure your site in line with Moodle’s recommendations – Moodle releases regular documentation describing how best to set up your platform. You can follow the Moodle security recommendations doc here and run a security overview report here.
5.) Report any issues – Use the security reporting forum to inform Moodle of any potential vulnerabilities you see. Once they’re brought to Moodle’s attention, they can be resolved ASAP.
We’ve handled Moodle installations for many organisations, making sure their platforms are as safe as possible. To speak to us about the security of your installation, get in touch here.
We also release a monthly newsletter covering content like this and everything you need to know surrounding the world of Moodle. Click the link below to subscribe.
Super talented, unflappable and very funny, Phuong supports the whole marketing team in her role as Marketing Assistant. Phuong holds a bachelor’s degree in Business Administration and recently completed a master’s degree in Management and Marketing. Originally from Hanoi in Vietnam, Phuong is now based in the UK and climatising brilliantly to our weather and food.
Phuong owns a food review Instagram page as travelling and food are her passion. She also has a cute little french bulldog.
Ellie was the first woman to join Titus and has paved the way for many more since then. After studying for a degree in Fashion and Marketing, Ellie was lucky to find herself at fashion weeks and photoshoots.
Now she’s switched from talk of the front row to front end design and has brought loads of transferable knowledge to Titus. Ellie has also found a real passion for tech, especially in the learning sector, helping clients create positive change for their organisations.
As one of the youngest people at Titus but at the same time one of the oldest serving members of the team, Callum has graced Titus with his broad smile and positive attitude for over 5 years now. As a key member of the marketing team, Callum works across all areas, both on and offline, to ensure that all Titus brands and communication are on point.
After missing out on the opportunity to go to University the first time around, management encouraged him to enrol in our course alongside his work. He is now studying to achieve his Level 6 Diploma in Professional Digital Marketing.
Always bringing innovation and new ideas, Dec studied a degree in Journalism but found his passion in digital marketing. Dec has also worked in marketing for one of the countries biggest retailers and within the property sector.
Outside work, Dec Co-founded a news publication where he collaborated with global brands like Uber, Amazon, BooHoo and countless SMEs.