To minimize spam and other security threats, keep Moodle 3 updated with the latest patches and software enhancements. In this article, we’ll show you how to reduce spam in Moodle 3.
An integrated report is available for review at Site administration > Reports > Security checks, which provides an assessment of site security and steps you can take to protect your site further.
How to enable critical security settings
Moodle’s developers also recommend enabling the following measures to reduce your security risk:
- Ensure that register_globals is disabled in your PHP settings (this is the default setting).
- Keep Force users to log in for profiles enabled in Site administration > Security > Site security settings to prevent anonymous visitors and search engines from seeing user profiles.
- Keep Profiles for enrolled users only enabled in Site administration > Security > Site security settings. This will prevent affected profiles from being visible even to other users on the site.
How to disable self-registration
Where possible, keep Moodle’s self-registration feature disabled and add accounts manually through the administration dashboard. You can manage registration settings at Site administration > Plugins > Authentication > Manage authentication.
If you need to enable self-registration, there are safeguards you can take to reduce threats.
- Enable RECAPTCHA features for account sign-up forms by obtaining security keys and entering them in the authentication settings form at Site administration > Plugins > Authentication > Manage authentication. Once keys are entered and validated, you’ll be able to enable the RECAPTCHA feature, preventing bots from registering accounts on your site.
- Limit self-registration to specific email domains, again using Manage authentication settings.
- Enable self-registration for a short “sign-up” period, then disable the setting.
- Ensure that the Email change confirmation setting is enabled in Site administration > Security > Site policies, which requires users to manually confirm changes to registered email addresses.If you’re able to trace security issues to specific IP addresses, or blocks, take advantage of Moodle’s IP address blocking features at Site admin > Security > IP Blocker > Blocked IP List.
Clean up user profile spam
If you experience issues with rogue profiles being registered on your Moodle site, you can identify misbehaving accounts at Site administration > Reports > Spam cleaner.
The feature allows you to search all user profiles for certain spam-related terms and then delete those accounts.
If you need help with your HostPapa account, please open a support ticket from your dashboard.