Secure your Moodle site during upgrade using Upgrade Key #Moodle3.0
Another new feature added to the most popular open source LMS i.e. Moodle in the latest version is to keep your site upgrades secure using the Upgrade Key. Upgrade key is a new mechanism to protect your Moodle site during Moodle core update and/or a plugin installation/update.
In the earlier versions of Moodle prior to Moodle 3.0, any anonymous visitor of your site can potentially trigger the upgrade process by navigating their browser to your admin page which is a huge security risk as during the upgrade process a lot of sensitive information is available like Server Environment, Plugins version etc.
In the new Moodle version – Moodle 3.0; to improve the security of your site, you can hard code the upgrade key in the config.php file like –
$CFG->upgradekey = 'put_your_upgrade_secret_here';
Now, whenever you will upgrade your Moodle site, then it will ask to enter that upgrade key before proceeding with the upgrade process as shown in the picture below:
Please note – It is recommended to use a random secret code instead of using your account’s password to make it more secure.