How to reduce spam in Moodle 3

To minimize spam and other security threats, it’s recommended to keep Moodle 3 updated with the latest patches and software enhancements. An integrated report is available for review at Site administration > Reports > Security overview, which provides an assessment of site security, alongside steps you can take to further protect your site.

Security report

Enable critical security settings

Moodle’s developers also recommend enabling the following measures to reduce your security risk:

  1. Ensure that register_globals is disabled in your PHP settings (this is the default setting).
  2. Keep Force users to login for profiles enabled in Site administration > Security > Site policies to prevent anonymous visitors and search engines from seeing user profiles.
  3. Keep Profiles for enrolled users only enabled in Site administration > Security > Site policies. This will prevent affected profiles from being visible even to other users on the site.

Disable self-registration

Where possible, keep Moodle’s self-registration feature disabled and add accounts manually through the administration dashboard. You can manage registration settings at Site administration > Plugins > Authentication > Manage authentication.

Manage authentication

If you need to enable self-registration, there are safeguards you can take to reduce threats.

  1. Enable RECAPTCHA features for account sign up forms by obtaining security keys from http://recaptcha.net and entering them in the authentication settings form at Site administration > Plugins > Authentication > Manage authentication. Once keys are entered and validated, you’ll be able to enable the RECAPTCHA feature, preventing bots from registering accounts on your site.RECAPTCHA settings
  2. Limit self-registration to specific email domains, again using Manage authentication settings.Domain restrictions
  3. Enable self-registration for a short “sign-up” period, then disable the setting.
  4. Ensure that the Email change confirmation setting is enabled in Site administration > Security > Site policies, which requires users to manually confirm changes to registered email addresses.Email change confirmation

    If you’re able to trace security issues to specific IP addresses, or blocks, take advantage of Moodle’s IP address blocking features at Site admin > Security > IP Blocker > Blocked IP List.

IP filter

Clean up user profile spam

If you experience issues with rogue profiles being registered on your Moodle site, you can identify misbehaving accounts at Site administration > Reports > Spam cleaner.

Spam filter

The feature allows you to search all user profiles for certain spam-related terms and then delete those accounts.

If you notice any problems or if you need any help, please open a new support ticket from your HostPapa Dashboard. More details on how to open a support ticket can be found here.

Was this article helpful?

  • Was this article helpful ?

  • yes   no

Related Articles

Leave A Comment?