Investigation of Security in Moodle LMS (by Sheo Kumar and Kamlesh Dutta)


This is an article from the International Journal of Information Technology and Knowledge Management published last January 2011.  While some specifics may have changed with the release of Moodle 2.1 and 2.2, there is a wealth of knowledge about Moodle’s pluses, minuses and possible security exploitations.

Kumar and Dutta start out with an introduction to Moodle, its origins and rapid growth as well as its comparative advantages and disadvantages as seen through a wider lens of the LMS market.

There after it immediately launches into a survey of the possible security vulnerabilities of Moodle sites, including but not limited to

  • authentication attacks
  • denial of service attacks
  • cross site scripting
  • session hijacking

One of the major limitations of Moodle, according to Dutta and Kumar is its inability to apply https across the entire site (though authentication and some administrative functions are supported).  If you’re interested in learning more about’s Security Recommendations go to

The conclusion of the paper proposes a couple of solutions to possible security attacks which can help to mitigate or even prevent the exploitation of the vulnerabilities.  Two relatively simple solutions are applying Captcha to the registration process and enabling using SSL.

Find this PDF article and more at

  • Moodle LMS has smooth solution combinations technological innovation. It is accountable for improved results and a much more effective studying.

  • Moodle is always a best option in this terms, it provides a flexible environment for continued improvement and expansion, this means we can shape Moodle according to the changing environment.