All online systems are highly complex and contains security issues which are discovered from time to time and fixed to prevent any mishappening. Moodle project also involves a lot of programming and the security issues are reported by Moodle community members in Moodle tracker which are fixed on priority by the Moodle Dev team.
Often these security issues are fixed along with the Minor point releases of Moodle which is released after every two months from the first release. The new Moodle 3.2.2 is scheduled to be released on 13th March 2017.
First timer Moodle site administrators generally keeps the default settings and never bother to look into the security recommendations put by the Moodle community. There is a good documentation page covering the basics of security protections recommended to be followed to keep your Moodle site secure.
Basic Security recommendations:
The basic security recommendations include:
- Update Moodle regularly on each release
- Use https to secure all pages (not just the login page)
- Use strong passwords for admin and teachers
- Only give teacher accounts to trusted users.
- Keep a good backup of your Moodle site
Apart from the above, always keep an eye over the security announcements here. For complete security recommendations, check out the Moodle docs here.
What are the other security recommendations you would like to suggest? Have you ever faced any security issues with Moodle? How did you overcame that? Share your experience with us in the comments section below.