Secure your Moodle site during upgrade using Upgrade Key #Moodle3.0

Another new feature added to the most popular open source LMS i.e. Moodle in the latest version is to keep your site upgrades secure using the Upgrade Key. Upgrade key is a new mechanism to protect your Moodle site during Moodle core update and/or a plugin installation/update.

In the earlier versions of Moodle prior to Moodle 3.0, any anonymous visitor of your site can potentially trigger the upgrade process by navigating their browser to your admin page which is a huge security risk as during the upgrade process a lot of sensitive information is available like Server Environment, Plugins version etc.

In the new Moodle version – Moodle 3.0; to improve the security of your site, you can hard code the upgrade key in the config.php file like –

$CFG->upgradekey = 'put_your_upgrade_secret_here';

Now, whenever you will upgrade your Moodle site, then it will ask to enter that upgrade key before proceeding with the upgrade process as shown in the picture below:

Secure your Moodle site during upgrade using upgrade key
Secure your Moodle site during upgrade using upgrade key

Please note – It is recommended to use a random secret code instead of using your account’s password to make it more secure.

Jaswinder Singh

Jaswinder Singh, passionate about using Moodle in improving the Indian Education System and reaching the students in far flung areas where still education seems to be a impossible prospect of life. He is the author of the popular Moodle Book "How to use Moodle 2.7". In October 2016, Jaswinder was elected as the Moodle User's Association Committee member - the first to make it from India.

Related Articles