Note: You are currently viewing documentation for Moodle 4.0. Up-to-date documentation for the latest stable version of Moodle may be available here: Security recommendations.

Talk:Security recommendations

From MoodleDocs

I think we should suppress the register_globals advice, because it makes no sense to talk about something suppressed from PHP since version 5.4+ (more than 5 years ago). I'm going to edit the article according to this.

--Joan Cervan (talk) 10:20, 18 January 2019 (UTC)


To tighten up permissions on Linux:

    cd /var/
    find moodledata/ -type d -exec chmod 700 {} \;
    find moodledata/ -type f -exec chmod 600 {} \;
    cd /var/www/html   # or cd /var/www/ if moodle folder is one level lower
    find moodle/ -type d -exec chmod 755 {} \;
    find moodle/ -type f -exec chmod 644 {} \;


Correction: The RootkitRevealer links are outdated. Working links: English: http://technet.microsoft.com/en-en/sysinternals/bb897445.aspx German: http://technet.microsoft.com/de-de/sysinternals/bb897445.aspx

Thanks Reto, I have amended the links accordingly. --Helen Foster (talk) 16:20, 6 January 2014 (WST)


Correction: Enrolment key hint is disabled by default in Moodle 2.2. The setting is found at Settings > Site Administration > Plugins > Enrolments > Self enrolment.

Thanks for the pointer, Jane :) --Mary Cooch 20:18, 22 April 2012 (WST)


de:Sicherheitsempfehlungen (Klaus Steitz 23:47, 27 April 2012 (WST))

Suggestion: Put a link to Register globals Docs page admin/environment/custom check/php check register globals

Request: Replace the link to the Spanish translation for this page with the proper page es:Recomendaciones de Seguridad

Thanks. I checked and found that the Spanish link is correct. --Helen Foster (talk) 07:23, 16 December 2019 (UTC)

Bad link: The section, "Most secure/paranoid file permissions", contains an example link, http://your.moodle.site/admin/phpinfo.php. This got converted to an actual link that takes one to someplace weird. Please remove the link and just leave the text. --Christopher King 2 (talk) 23:02, 15 December 2019 (UTC)

Thanks. I have removed the link as suggested. --Helen Foster (talk) 07:23, 16 December 2019 (UTC)

This document recommends setting the files in the moodledata directory to 600, but Moodle writes new files as 666 by default. There should be some mention on the page of how to modify Moodle/PHP/Apache/etc. to create new files/dirs with 600/700 perms, respectively.
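
Added example (not part of the original discussion and not Moodle's own code): a shell audit that ties together the find/chmod tightening above and the remark that newly written files come out with wider modes, so a one-time chmod drifts. The function names are hypothetical and the directory is whatever path you pass in.

```shell
#!/bin/sh
# Added example: audit a moodledata tree against the 700 (directories) and
# 600 (files) modes recommended on this page. Function names are hypothetical.

# Run find over DIR, selecting every directory whose mode is not exactly 700
# and every regular file whose mode is not exactly 600; the remaining
# arguments are the find action to apply to each match.
loose_find() {
    dir=$1
    shift
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" \( -type d ! -perm 700 -o -type f ! -perm 600 \) "$@"
}

# List the offending paths, one per line.
list_loose() {
    loose_find "$1" -print
}

# Count offending paths. One newline is emitted per match, so file names
# that themselves contain newlines do not distort the count.
count_loose() {
    n=$(loose_find "$1" -exec echo \; | wc -l)
    echo $((n + 0))
}

# Apply the same two find/chmod passes shown on this page to DIR.
tighten() {
    find "$1" -type d -exec chmod 700 {} \;
    find "$1" -type f -exec chmod 600 {} \;
}

# Stand-alone use: sh audit.sh /var/moodledata
# Exits 1 when anything deviates, which suits a cron job or monitoring check.
if [ "$#" -gt 0 ]; then
    list_loose "$1"
    [ "$(count_loose "$1")" -eq 0 ] || exit 1
fi
```

Run it periodically as the user that owns moodledata: any path it lists was created or changed after the last tightening pass.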