I suggest you ...

Modification of Moodle App installation

I suggest modifying the current Moodle App installation so the moodledata directory is not in public_html.

5 votes
Sign in
(thinking…)
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Thomas Hutchins shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Eddie commented  ·   ·  Flag as inappropriate

    As per the official document of moodle it is not absolutely necessary to have the datadirectory outside the webroot. Please review official note below

    Official Statement:
    Security warning: For security purposes, it is CRITICAL that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web site root directory (it is the folder that the main part of your URL -that is, the part up to the first single / - points to; for example, in http://your.domain.com/moodle/admin/cron.php, it is http://your.domain.com/).

    But if you must have it in the web directory (and you are using Apache AND the web server configuration allows .htaccess files to restrict access to directories) then protect it by creating a file in the data directory called .htaccess, containing these lines

    order deny,allow
    deny from all

Feedback and Knowledge Base