Note: You are currently viewing documentation for Moodle 3.9. Up-to-date documentation for the latest stable version of Moodle may be available here: Security recommendations.

Talk:Security recommendations

From MoodleDocs

I think we should suppress register_global advise because has non sense talk about a suppressed php from version 5.4+ (more than 5 years ago). I'm going to edit the article according to this.

--Joan Cervan (talk) 10:20, 18 January 2019 (UTC)


To tighten up permissions on Linux:

cd /var/ find moodledata/ -type d -exec chmod 700 {} \; find moodledata/ -type f -exec chmod 600 {} \; cd /var/www/html # or cd /var/www/ if moodle folder is one level lower find moodle/ -type d -exec chmod 755 {} \; find moodle/ -type f -exec chmod 644 {} \;


Correction : The RootkitRevealer-link are outdated, working links: english: http://technet.microsoft.com/en-en/sysinternals/bb897445.aspx german http://technet.microsoft.com/de-de/sysinternals/bb897445.aspx

Thanks Reto, I have amended the links accordingly. --Helen Foster (talk) 16:20, 6 January 2014 (WST)


Correction : Enrolment key hint is disabled by default in Moodle 2.2. The setting is found at Settings>Site Administration>Plugins>Enrolments>Self enrolment.

Thanks for the pointer, Jane :) --Mary Cooch 20:18, 22 April 2012 (WST)


de:Sicherheitsempfehlungen (Klaus Steitz 23:47, 27 April 2012 (WST))

Suggestion: Put a link to Register globals Docs page admin/environment/custom check/php check register globals

Request: Replace the link to the spanish translation for this page to the proper page es:Recomendaciones de Seguridad

Thanks. I checked and found that the Spanish link is correct. --Helen Foster (talk) 07:23, 16 December 2019 (UTC)

Bad link The section, "Most secure/paranoid file permissions", contains an example link, http://your.moodle.site/admin/phpinfo.php. This got converted to an actual link that takes one to someplace weird. Please remove the link and just leave the text. --Christopher King 2 (talk) 23:02, 15 December 2019 (UTC)

Thanks. I have removed the link as suggested. --Helen Foster (talk) 07:23, 16 December 2019 (UTC)