The dataroot is the directory where Moodle stores user files. It should not be directly accessible via the web.

See also

• Using Moodle Security and Privacy forum
• MDL-15716 Tighten dataroot security checks and warn the administrator 'loudly'