Correction : The RootkitRevealer-link are outdated, working links: english: http://technet.microsoft.com/en-en/sysinternals/bb897445.aspx german http://technet.microsoft.com/de-de/sysinternals/bb897445.aspx

Thanks Reto, I have amended the links accordingly. --Helen Foster (talk) 16:20, 6 January 2014 (WST)

Correction : Enrolment key hint is disabled by default in Moodle 2.2. The setting is found at Settings>Site Administration>Plugins>Enrolments>Self enrolment.

Thanks for the pointer, Jane :) --Mary Cooch 20:18, 22 April 2012 (WST)

de:Sicherheitsempfehlungen (Klaus Steitz 23:47, 27 April 2012 (WST))

Suggestion: Put a link to Register globals Docs page admin/environment/custom check/php check register globals

Request: Replace the link to the spanish translation for this page to the proper page es:Recomendaciones de Seguridad

Apologies for not responding before now. I have added a link to admin/environment/custom check/php check register globals and amended the Spanish link as requested. --Helen Foster (talk) 18:12, 4 November 2016 (AWST)

Use https to secure all pages

Request: add new security recommendations at https://docs.moodle.org/29/en/Security_recommendations below "Update Moodle regularly on each release":

- use https to secure all pages (not just the login page) Protect all traffic from your Moodle instance and your users by making all pages accessible via https only. This not only protects passwords on login but also ensures the privacy of your users so that all user data cannot be intercepted or manipulated ("ad injections") from third parties like WLAN providers for example. Free https certificates are available from https://letsencrypt.org/ In addition, please also set httpslogin=yes in your moodle config to add an extra layer of protection for submitting login credentials.

Thanks Robert, 'use https to secure all pages' has been added as suggested. --Helen Foster (talk) 22:05, 7 November 2016 (AWST)