Note: You are currently viewing documentation for Moodle 3.2. Up-to-date documentation for the latest stable version of Moodle is probably available here: Security FAQ.
Not sure how long it has been (at least Moodle 2.5) since it was changed however to enable ReCAPTCHA you need to go to:
Site administration > Plugins > Authentication > Manage authentication
... not ...
Site Administration > Users > Authentication > Manage authentication.
Please update the Security FAQ as there is no Authentication under Users.
- Thanks German, I have added the link to the 2.8 - 3.0 English docs. --Helen Foster (talk) 22:39, 17 November 2015 (AWST)
- Thanks Helen. That was fast :) German Valero (talk)
I understand that reCaptcha has been hacked as recently as April 2016. Not a big fan of using Captcha or reCaptcha, is there anything else that can be used to validate human/nonhuman identities? Something that is free and maybe not easy to hack? Also, bearing in mind the blind and visually impaired who have difficulty with reCaptcha, there has to be some discussion or some alternative. --Colin Fraser (talk) 17:06, 19 September 2016 (AWST)
- Hi Colin, if you've not done so already, I suggest you post on moodle.org about alternatives to Captcha and also make sure there is an issue for it in the tracker, since not many people watch pages in Moodle Docs. --Helen Foster (talk) 20:08, 19 September 2016 (AWST)
Hi, Maybe adding a link to https://moodle.org/plugins/local_csp (Content Security Policy) additional plugin would be a good addition to this (or another similar) security Docs page. This plugin allows an admin to create a Custom Security Policy (CSP) in both reporting mode and enforcing mode. A simple use case is to detect and cleanup issues with non secure content after a migration from http to https, through to advanced policies to mitigate from XSS attacks. German Valero (talk)