fbpx

Home - Blog - Moodle Guides - How secure is Moodle?

How secure is Moodle?

Moodle platforms store a lot of data. From email addresses to messages, your platform will quickly build up plenty of information on the people who use it. 

This isn’t a bad thing. In fact, a Moodle platform is expected to contain this information. But what is essential is that you have the correct security measures in place so that your platform’s data can’t be hacked or disrupted by malicious parties. 

We work with educational institutions that hold sensitive information on students through to large organisations with platforms containing information on tens of thousands of users. And in each case, we take careful consideration to make sure their platforms are entirely secure. 

In this article, we’ll explain the importance of security for your platform, the security features that Moodle already has, as well as some tips and tricks to make your platform as safe as possible. 

01 When things go wrong

In 2017, a malicious ransomware attack called WannaCry was launched targeting computers that used Windows operating systems. One of the most publicised in memory, the ransomware affected up to 200,000 computers in over 150 computers worldwide. 

Eventually, the response from Microsoft and security organisations brought the situation under control. Still, the damage had already been done for many organisations, costing billions of pounds.  

After reviews of how this ransomware managed to cause so much damage, it was revealed that Microsoft had already released a security patch that worked against the attack. The computers that were affected hadn’t installed this latest patch. 

Similarly, Moodle releases new versions of its platform bi-annually. For the most part, these updates introduce new features to your Moodle platform, but they also bring in the latest security features. As it stands, only Moodle versions 3.9.8 and above have the newest security certificate, so if your platform isn’t on that version, it’s time to upgrade. 

02 The security features of Moodle

Moodle is designed to be secure. 

From its early development through today, Moodle follows a strict development process called ‘security by design’. This means that any development or change that Moodle introduces has the platform’s security at its forefront. A full list of these security by design processes can be found here

Moodle will never collect, use or monetise any data you store on your Moodle platform. Which alongside the various policy documents and data request tools accessible here means your platform will be fully GDPR compliant. 

We’ve often spoken about the benefits of Moodle Plugins (such as H5P), and because they’re usually made by third party sources, we’re often asked how secure they are. Moodle requires all available plugins to implement a Privacy API to make sure they’re GDPR compliant. 

Finally, Moodle deploys a proactive security testing and vulnerability disclosure program. Moodle collaborates with Bugcrowd, which allows global security researchers to test Moodle constantly. Beyond this, Moodle also has the benefit of its massive user base. At any one time there are millions of administrators and security experts monitoring any potential vulnerabilities and reporting them through the vulnerability disclosure program.

03 Moodle’s recommended top tips for security

Moodle also has recommendations you can implement to add an extra layer of safety. Here’s what you can do:

1.) Register your Moodle site – Doing this means you’ll be alerted immediately when new Moodle versions are released, allowing you to stay on top of the latest security features.

2.) Back-up your site regularly – You can make a save of your platform so that if any issues do occur, you can restore to a version before it happened.

3.) Follow the principle of ‘least privilege’ – A hierarchical structure meaning the few at the top, such as administrators, will have access to the most information. Whilst the many at the bottom, such as learners, have access to the least information. It’s also important to make sure that users only have access to the content which is relevant to them.

4.) Configure your site in line with Moodle’s recommendations – Moodle releases regular documentation describing how best to set up your platform. You can follow the Moodle security recommendations doc here and run a security overview report here

5.) Report any issues – Use the security reporting forum to inform Moodle of any potential vulnerabilities you see. Once they’re brought to Moodle’s attention, they can be resolved ASAP.

Getting Started

We’ve handled Moodle installations for many organisations, making sure their platforms are as safe as possible. To speak to us about the security of your installation, get in touch here.

We also release a monthly newsletter covering content like this and everything you need to know surrounding the world of Moodle. Click the link below to subscribe.

Shopping Basket

Phuong Nguyen Hong

Marketing Assistant

Phuong holds a bachelor’s degree in Business Administration and recently completed a master’s degree in Management and Marketing. Originally from Hanoi in Vietnam, Phuong has two years of marketing experience.

Fact

Phuong owns a food review instagram page as travelling and food are her passion. She also has a cute little french bull dog.

Ellie Sharkey

Head of Marketing

Ellie was the first women to join Titus and since then has paved the way for many more. After studying for a degree in Fashion and Marketing Ellie was lucky enough to find herself at fashion weeks and photoshoots. 

Now she’s switched from talk of front row to front end design and loves working with clients that have such a postive impact on the world.  Her motto in life, ‘don’t sweat the small stuff’.

Callum Barrett

Marketing Executive

Callum was one of the first to join way back in 2016 as an apprentice whilst studying Customer Service. His first ever job, he quickly adapted and learned the ropes to become an integral part of the Titus team.

Fact

After missing out on the chance to go to University initially, Titus backed him to enrol with the CIM and is now studying for a Level 6 Diploma in Professional Digital Marketing in his spare time.

Dec Connolly

Digital Marketing & Web Manager

Dec studied a degree in Journalism but found his passion in digital marketing. As well as eLearning, Dec has worked in marketing for one of the countries biggest retailers and within the property sector.

Fact

Outside work, Dec Co-founded a news publication where he’s collaborated with global brands like Uber, Amazon and the BooHoo as well as countless SMEs.

How can we help?