#Moodle 3.1.1, 3.0.5, 2.9.7, 2.7.15 available now

July 12th, 2016

#Moodle HQ has released the point releases for its currently stable releases in the form of 3.1.1, 3.0.5, 2.9.7 & 2.7.15. You can download the updated from the usual download channel – https://download.moodle.org or git repository. This is the first point release for Moodle 3.1 branch. Read More

Secure your Moodle credentials using the Latch plugin for Moodle @ElevenPaths #Moodle

June 20th, 2016

Online credentials theft is moving towards more sophisticated methods which is making it increasingly difficult for users and companies to protect themselves. So, you need some methods/services to reduce the attacks directed at your online services. Latch, a service by ElevenPaths provides your end users to lock the service account or selected features conveniently, when they dont want to use them. Read More

Secure your site from Brute force attacks using Sebsoft’s Anti Hammering Authentication Plugin #MoodlePlugins #MoodleSecurity

January 16th, 2016

Security of your Moodle site from brute force attacks is a major concern for your Moodle Administrators since any loophole in the security may result in infected or even a total crash of your Moodle site.

By default in Moodle core there is an option under Site Policies to lockout any account based on the number of incorrect logins within a certain period of time but this may also be abused in denial of service attacks. Read More

Secure your Moodle site during upgrade using Upgrade Key #Moodle3.0

November 30th, 2015

Another new feature added to the most popular open source LMS i.e. Moodle in the latest version is to keep your site upgrades secure using the Upgrade Key. Upgrade key is a new mechanism to protect your Moodle site during Moodle core update and/or a plugin installation/update. Read More

Moodle Security for Non Techies by Shane Elliott #iMoot15 #MoodleWorld #MoodleTip

October 8th, 2015

During the iMoot 2015 #imoot15 Shane Elliot, the Managing Director of Pukunui International, a leading online education services company, has shared his presentation about the security of your Moodle Site for Non Techies.

In the presentation he discusses the basic questions about the security of a Moodle site like “Is my site secure?” “Can anybody in the world see my course?” “I heard that the server got hacked – I don’t even know what that means!” “What should I do?” Read More

Presentation – Security in Moodle Plugins

July 9th, 2015

Marina Glancy, the Development Process Manager in Moodle HQ has shared a presentation about the security in the Moodle plugins during the MoodleMoot Australia (#MootAu15).

The presentation includes the typical security vulnerabilities and their probable remedial actions like Cross-site scripting (XSS), Cross-site request forgery (CSRF), Privilege escalation (incl. unauthorised access), Information leakage, SQL injection, Command-line and code injection, Illegal files access, Denial of service, buffer overflow, timeout, etc. Read More

Moodle 2.9 new features

April 10th, 2015

Moodle 2.9 the upcoming version of the most popular open source LMS which is in the code freeze state now and waiting for the QA tsting to commence from 13 April onwards, contains a lots of new features, fixed bugs and improvements in the existing functionality. Read More

Spam deletion Block for Moodle

March 9th, 2015

In a recent attack on Moodle.org by spammers a lot of spam emails are delivered to the users from Moodle forums. Mr. Ken task started a forum thread for the same spam emails which resulted in few solutions which can be utilized on a Moodle site to stop spams.

First one is Spam Deletion Block and the other one is to have a create new account page with some kind of security questions because attackers are still able to solve the captcha option to create new accounts. Read More

Enhance security for your Moodle site with A2FA plugin.

March 5th, 2015

Enhancing security is a major concern for all site administrators because of the increased attacks by hackers and security breaches. Google has developed an authentication service “Google Authenticator” which connects the user login details to his/her mobile. It is also known as “2-step authentication”. Read More