Security FAQ: Difference between revisions
Mary Cooch (talk | contribs) (it says this page is locked -is there any point my adding the "Improve" template?) |
Helen Foster (talk | contribs) (es link) |
||
(10 intermediate revisions by 3 users not shown) | |||
Line 2: | Line 2: | ||
==How do I report a security issue?== | ==How do I report a security issue?== | ||
See [[:dev:Moodle security procedures|Moodle security procedures]] in the dev docs for details on how to report a security issue. | |||
Previously fixed security issues are listed in the [http://moodle.org/security/ Moodle.org Security news]. If you are unsure whether a problem has been fixed or not, it's best to report it anyway. | Previously fixed security issues are listed in the [http://moodle.org/security/ Moodle.org Security news]. If you are unsure whether a problem has been fixed or not, it's best to report it anyway. | ||
Line 8: | Line 8: | ||
==How can I keep my site secure?== | ==How can I keep my site secure?== | ||
It's good practice to always use the latest stable release of the version you are using. It is | It's good practice to always use the latest stable release of the version you are using. It is safe to upgrade to a more recent version on the branch you are using, say from Moodle 2.X.1 to the latest version on the 2.X branch. [[Git for Administrators|Downloading via Git]] makes it very easy way to do this. | ||
==How do I keep track of recent security issues?== | ==How do I keep track of recent security issues?== | ||
* Register your | * [[Site registration | Register your Moodle site with moodle.org]], making sure to enable the option of being notified about security issues and updates. After your registration is accepted, your email address will be automatically added to our low-volume security alerts mailing list. | ||
* Eventually, all important security issues are published to the general public via the [http://moodle.org/mod/forum/view.php?f=996 Moodle Security forum]. You can subscribe to the | * Eventually, all important security issues are published to the general public via the [http://moodle.org/mod/forum/view.php?f=996 Moodle Security forum]. You can subscribe to the forum or [http://twitter.com/moodlesecurity follow moodlesecurity on Twitter]. | ||
==Who is able to view security issues in the Tracker?== | ==Who is able to view security issues in the Tracker?== | ||
Depending upon the security level of a Tracker issue, access is restricted to developers, testers or members of the security team. | Depending upon the security level of a Tracker issue, access is restricted to developers, testers or members of the security team. | ||
==Which versions of Moodle are supported?== | ==Which versions of Moodle are supported?== | ||
Currently supported versions are listed on [http://download.moodle.org/ download.moodle.org]. | |||
==My site was hacked. What do I do?== | ==My site was hacked. What do I do?== | ||
Line 45: | Line 41: | ||
#Obtain a reCAPTCHA key from http://recaptcha.net by [https://admin.recaptcha.net/accounts/signup/?next= signing up for an account] (free) then entering a domain. | #Obtain a reCAPTCHA key from http://recaptcha.net by [https://admin.recaptcha.net/accounts/signup/?next= signing up for an account] (free) then entering a domain. | ||
#Copy and paste the public and private keys provided into the ''recaptchapublickey'' and ''recaptchaprivatekey'' fields in the manage authentication common settings in ''Administration > | #Copy and paste the public and private keys provided into the ''recaptchapublickey'' and ''recaptchaprivatekey'' fields in the manage authentication common settings in ''Administration > Plugins > Authentication > [[Manage authentication]]''. | ||
#Click the "Save changes" button at the bottom of the page. | #Click the "Save changes" button at the bottom of the page. | ||
#Follow the settings link for email-based self-registration in ''Administration > | #Follow the settings link for email-based self-registration in ''Administration > Plugins > Authentication > Manage authentication'' and enable the reCAPTCHA element. | ||
#Click the "Save changes" button at the bottom of the page. | #Click the "Save changes" button at the bottom of the page. | ||
==How can I run the security overview report?== | ==How can I run the security overview report?== | ||
To run the | To run the [[Security overview|security overview report]], go to ''Administration > Site administration > Reports > Security overview''. | ||
==See also== | ==See also== | ||
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum] | * Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum] | ||
[[Category:FAQ]] | |||
[[ | [[es:Seguridad FAQ]] | ||
Latest revision as of 14:37, 17 November 2015
How do I report a security issue?
See Moodle security procedures in the dev docs for details on how to report a security issue.
Previously fixed security issues are listed in the Moodle.org Security news. If you are unsure whether a problem has been fixed or not, it's best to report it anyway.
How can I keep my site secure?
It's good practice to always use the latest stable release of the version you are using. It is safe to upgrade to a more recent version on the branch you are using, say from Moodle 2.X.1 to the latest version on the 2.X branch. Downloading via Git makes it very easy way to do this.
How do I keep track of recent security issues?
- Register your Moodle site with moodle.org, making sure to enable the option of being notified about security issues and updates. After your registration is accepted, your email address will be automatically added to our low-volume security alerts mailing list.
- Eventually, all important security issues are published to the general public via the Moodle Security forum. You can subscribe to the forum or follow moodlesecurity on Twitter.
Who is able to view security issues in the Tracker?
Depending upon the security level of a Tracker issue, access is restricted to developers, testers or members of the security team.
Which versions of Moodle are supported?
Currently supported versions are listed on download.moodle.org.
My site was hacked. What do I do?
See Hacked site recovery.
How can I reduce spam in Moodle?
How can I increase privacy in Moodle?
See Increasing privacy in Moodle.
How do I enable reCAPTCHA?
To add spam protection to the Email-based self-registration new account form with a CAPTCHA element:
- Obtain a reCAPTCHA key from http://recaptcha.net by signing up for an account (free) then entering a domain.
- Copy and paste the public and private keys provided into the recaptchapublickey and recaptchaprivatekey fields in the manage authentication common settings in Administration > Plugins > Authentication > Manage authentication.
- Click the "Save changes" button at the bottom of the page.
- Follow the settings link for email-based self-registration in Administration > Plugins > Authentication > Manage authentication and enable the reCAPTCHA element.
- Click the "Save changes" button at the bottom of the page.
How can I run the security overview report?
To run the security overview report, go to Administration > Site administration > Reports > Security overview.
See also
- Using Moodle Security and Privacy forum