A few tips on Moodle security (ReCaptcha, Passwords and more)


Moodle security, especially in the classroom setting, is very important.  There are always ways to better secure your Moodle.  Some you have direct control over, while others you might not even know exist.

  1. Password difficulty: today in Moodle you can set various password requirements for new users to increase the level of security on your Moodle (especially against identity theft/unauthorized use of another user's account).  To manage the various password restrictions, access your Administration block (as Admin) and click Security / Site Policies. [http://docs.moodle.org/en/Password_policy]
  2. Captcha: you are probably familiar with Captcha as a way that other sites ensure you’re actually a person. It’s those funky-looking letters that you’re forced to enter into the box (not knowing sometimes if that’s a Z or 2…).  Did you know you can enable and utilize Captcha on your site for self-registering users?  Captcha may be enabled as long as you are allowing self-registration on your site (that’s where you can turn it off/on: Users / Authentication / Email-Based Self-Registration).  To enter your public/private reCAPTCHA keys, go to Users / Manage Authentication and look to the bottom of the page.  To read about the setup of Captcha, check out our past post on customizing your login screen.
  3. Login Attempts: by default, users can only try to log in 10 times in a row with 1 account before it becomes locked for 15 minutes (I discovered this the hard way). This security measure helps to thwart a user from repeatedly attempting to log in with another person’s account [http://docs.moodle.org/en/error/moodle/errortoomanylogins].
  4. Upgrade: in addition to these simple security measures, Moodle.org also advises all Moodlers to update their site to the best possible version available to prevent any other security vulnerabilities from being exploited on a site.  For more information be sure to follow http://moodle.org/security/ for updates.
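
The lockout rule from item 3, replayed over constructed login events. This is an added example, not code from the original post or from Moodle; it models only the figures the post gives (10 failed attempts in a row, a 15-minute lock), and all function and variable names are hypothetical.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 10                       # failed logins in a row (figure from the post)
LOCK_DURATION = timedelta(minutes=15)   # lock length (figure from the post)

def replay_logins(events):
    """Replay (timestamp, username, password_ok) events in time order.

    Returns (outcomes, lockouts): outcomes holds (timestamp, username, state)
    with state "ok", "failed" or "locked"; lockouts holds
    (username, locked_at, locked_until). A model of the rule, not Moodle code.
    """
    failures, locked_until = {}, {}
    outcomes, lockouts = [], []
    for ts, user, password_ok in sorted(events, key=lambda e: e[0]):
        until = locked_until.get(user)
        if until is not None and ts < until:
            # Assumption: while locked, even the correct password is refused.
            outcomes.append((ts, user, "locked"))
            continue
        if until is not None:           # lock has expired: start counting afresh
            del locked_until[user]
            failures[user] = 0
        if password_ok:
            failures[user] = 0          # a success breaks the "in a row" streak
            outcomes.append((ts, user, "ok"))
            continue
        failures[user] = failures.get(user, 0) + 1
        outcomes.append((ts, user, "failed"))
        if failures[user] >= MAX_FAILURES:
            locked_until[user] = ts + LOCK_DURATION
            lockouts.append((user, ts, ts + LOCK_DURATION))
    return outcomes, lockouts

# Constructed sample data: student1 fails 10 times, teacher1 only 9 times.
T0 = datetime(2024, 1, 8, 9, 0, 0)
SAMPLE = (
    [(T0 + timedelta(seconds=30 * i), "student1", False) for i in range(10)]
    + [(T0 + timedelta(minutes=10), "student1", True),    # inside the lock window
       (T0 + timedelta(minutes=25), "student1", True)]    # after the lock expires
    + [(T0 + timedelta(seconds=5 + 30 * i), "teacher1", False) for i in range(9)]
    + [(T0 + timedelta(minutes=6), "teacher1", True)]
)

if __name__ == "__main__":
    outcomes, lockouts = replay_logins(SAMPLE)
    for user, start, end in lockouts:
        print(f"{user} locked from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

In the sample, the correct password entered by student1 at 09:10 is still refused because the lock runs until 09:19:30, which is the behaviour to explain to a user who reports that a valid password "stopped working".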

What other security measures do you employ at your site?  What are your best policies for preventing misuse?