There has been huge international growth in eLearning and online classrooms post-pandemic. Online platforms such as Moodle LMS (Learning Management System), have had a staggering increase in users. The Moodle app alone went from just over one million users to over 4 million in a matter of months. Due to this increase in online learning adoption, it’s more important than ever to protect the equally increasing online student data.
As an educational provider, ensuring the safety of your students and your student’s data is of utmost importance. Therefore, there can be a lot to consider with the security of hosting and ongoing maintenance of your eLearning platform. That’s why we’ve created this blog post to help you ensure the basic best practices of security and maintenance are covered by your in-house IT expertise. Check out our 10 tips for hosting your Moodle LMS securely.
If you don’t use Moodle, read on anyway as most of our advice is translatable to different platforms.
10 tips for hosting a secure Moodle LMS
1. Test out Moodle LMS on your own device first
Firstly, download and run Moodle LMS on your own device. This way you can test configurations before changes go live on your production site. Having your own instance of Moodle allows you to:
- Test and try out new versions of Moodle.
- Evaluate changing site-wide functionality.
- Try third-party plug-ins.
2. Take the time to learn Moodle before customising roles and role assignments
Secondly, it's a good idea to be familiar with Moodle so you can ensure by the time you customise roles, you've got a good understanding of the privileges a user has access to. This way you can make sure role based users have the appropriate access and don’t pose a data and privacy risk.
3. Keep up-to-date with Moodle releases and versions
Thirdly, it is essential to keep your Moodle software up to date. Moodle provides updates called ‘releases’ that fix bugs and plugs any security issues found. These are generally monthly and seen as an ‘.’ point increase in the version number. For example, M4.3.1 to M4.3.2. You need to keep up to date with releases to keep your Moodle hosting secure.
The same applies to versions, and there are two ‘lanes’ to this. There is an annually released version of Moodle which is supported for 18 months. As well as a long-term support release (LTS) version, which is supported for around three years which almost all Moodle sites are on. Being on an out-support version is a significant security risk. Read more about releases and versions in Moodle.
4. Plan your backups
Backups are important in the case of data loss, either malicious or accidental.
- Familiarise yourself with potential data loss and restoration scenarios.
- Then put a backup plan in place covering those scenarios.
- Activate that plan and make sure all your content is backed up.
Additionally, if you'd like to use a plugin to take care of your backups, you can learn more about 'All backups'. And, if you're interested in getting the most out of Moodle, check out our list of Moodle plugin suggestions.
5. Regularly test your backups
Now you have a backup plan, put some ongoing governance around it. Regularly test your backups so you don’t lose important information and records.
6. Monitor your Moodle LMS 24/7
You need to know immediately when Moodle hosting isn’t working and have the capacity to act quickly to fix this. No matter if you just have your Moodle used during business hours or 24/7. You'll need monitoring to tell you when the site is offline, and monitoring around the performance of the site.
‘Heartbeat check’ is a Catalyst developed plugin that supports the monitoring of Moodle sites by reviewing critical service dependencies. Essentially it checks the health of your Moodle site for you. Once the check has been completed, it provides a link with information on any possible issues.
Learn more about Heartbeat check.
Or you could host with Catalyst, we provide a 24/7 follow-the-sun SLA (service-level agreement). This means we provide 24/7 support with fast response times due to having international offices and engineers. Therefore, when there is an incident, we have a prompt and effective resolution time.
7. Use Single sign on (SSO) to avoid password fatigue
Give your users SSO to increase their productivity by reducing the time they spend on passwords. SSO means they only need to remember one password to access Moodle and other internal systems such as email and calendars. This is a way to proactively manage password fatigue as there’s only one password to memorise. Additionally, it can improve security by automatically disabling access to the LMS when their SSO account is disabled.
You can try 'SAML2 Single sign on' as a plugin solution for SSO.
8. Set password strength requirements
Following on from above, ensure your students are aware of good password practices. A good standard for password strength requirements is having a password that has at least:
- 10 characters.
- One uppercase letter.
- One lowercase letter.
- One digit.
- One symbol.
10. Regularly review your security
Make sure you’re on top of steps 1-9 for your Moodle hosting and you’re keeping the following in mind:
- What does your site look like to guest users - how much can they see and access?
- How hard are your password requirements and how often are they changed?
- Do you have any former staff with accounts still with system privileges?
Secure, safe, and stable hosting
By following our 10 tips for hosting Moodle LMS, you’re set up for a secure, safe, and stable hosting of Moodle. However, if you don’t have a dedicated IT team, or would like your hosting handled by experts, Catalyst can help. As a Platinum Partner, and 2023’s ‘Global Partner of the Year’ and ‘LMS Contributor of the Year’, Catalyst are experts in hosting. If you have any questions, we’re more than happy to help.