report/security/report security check frontpagerole

report/security/report security check frontpagerole

report/security/report security check frontpagerole To enable logged-in users to participate in front page activities, a default front page role can be set in Settings > Site administration > Front Page > Front Page settings. See also Using Moodle Security and Privacy forum   
report/security/report security check guestrole

report/security/report security check guestrole

report/security/report security check guestrole The guest role is used for guests, non-logged in users and temporary guest course access. No risky capabilities should be allowed for the guest role. See also Guest role Using Moodle Security and Privacy forum   
Security report on default user role

Security report on default user role

Security report on default user role Default role for all users In general the default role for all users should be set to authenticated user. Normally all permissions for the role of authenticated user should be left as default. Default … Continued
Backup of user data

Backup of user data

Backup of user data Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on). To do this Moodle also includes the relevant user accounts as well, in order that … Continued
report/security/report security check riskadmin

report/security/report security check riskadmin

report/security/report security check riskadmin The number of Site administrators (in Settings > Site administration > Users > Permissions > Site administrators) should be kept to a minimum. The Manager role should be used instead to give selected users additional permissions. See also Using Moodle Security and … Continued
XSS trusted users

XSS trusted users

XSS trusted users Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators … Continued
report/security/report security check configrw

report/security/report security check configrw

report/security/report security check configrw It’s important that you CHMOD (set permissions) on config.php as read-only. Typically this means setting it to 644, or in some cases 444. If you cannot do this with your FTP software, try using the File … Continued
report/security/report security check emailchangeconfirmation

report/security/report security check emailchangeconfirmation

report/security/report security check emailchangeconfirmation You should generally always force users to confirm email address changes (by ticking the emailchangeconfirmation checkbox in Settings > Site administration > Security > Site policies) via an extra step where a confirmation link is sent to the user. … Continued
report/security/report security check google

report/security/report security check google

report/security/report security check google Allowing Google to enter your site means that all the contents become available to the world. Don’t use this unless it’s a really public site. See also Using Moodle Security and Privacy forum   
report/security/report security check openprofiles

report/security/report security check openprofiles

report/security/report security check openprofiles User profiles should not be open to the web without authentication, both for privacy reasons and because spammers then have a platform to publish spam on your site. See also Reducing spam in Moodle Why porn … Continued