I suggest you ...

Modification of Moodle App installation

I suggest modifying the current Moodle App installation so the moodledata directory is not in public_html.

5 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Thomas Hutchins shared this idea  ·   ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Eddie commented  · 

        As per the official document of moodle it is not absolutely necessary to have the datadirectory outside the webroot. Please review official note below

        Official Statement:
        Security warning: For security purposes, it is CRITICAL that this directory is NOT accessible directly via the web. The easiest way to do this is to simply locate it OUTSIDE the web site root directory (it is the folder that the main part of your URL -that is, the part up to the first single / - points to; for example, in http://your.domain.com/moodle/admin/cron.php, it is http://your.domain.com/).

        But if you must have it in the web directory (and you are using Apache AND the web server configuration allows .htaccess files to restrict access to directories) then protect it by creating a file in the data directory called .htaccess, containing these lines

        order deny,allow
        deny from all

      • Thomas Hutchins commented  · 

        This change is critical if I am to become a customer.

      Feedback and Knowledge Base