For the online learning world


Moodle 4 Security – A Review


“Moodle 4 Security” is a new book by Ian Wild and published by Packt, available on Amazon: www.amazon.com/dp/1804611662. In this post I review the book and share my thoughts with you. For this purpose I have been given a free copy of the book, both print and digital by Packt. However I am independent and all my views and opinions are my own.


Names / logos can be trademarks of their respective owners. Please review their website for details.

I am independent from the organisations mentioned and am in no way writing for (except in terms of a review of their publication) or endorsed by them.

The information presented in this article is written according to my own understanding, there could be technical inaccuracies, so please do undertake your own research.

The featured image is copyright of Packt, used with permission.


When I was first asked to review Ian’s book I was intrigued. I’ve been a Moodle plugin (sometimes core) developer for quite some time and run several local Moodle installations. But they are development ones, only accessible within my own small network. Apart from being a facilitator of the MoodleBites Server Administrator course (www.moodlebites.com/course/index.php?categoryid=22) I spend most of my time developing with security considerations relating to the code I write, and that of my general day to day use of computers as a work tool. Previously I have gained an appreciation of computer security on my MSc. Critically though, I believe that there is always something new to learn and discover, to understand what others have to say and appreciate their experience.

The review

The book has 288 pages with 11 chapters and 4 parts. Each chapter covers a different aspect of the overall umbrella of the subject and is contained within a distinct part. Ian establishes a flow through the book between the chapters, employing the use of an imaginary company / Moodle instance “Mathaholics”, https://mathaholics.co.uk/, to form a basis upon which to understand the material being presented in a real world situation.

The initial focus, part 1, however is not Moodle, but a primer to security itself. It is a basis for all whom are involved, technical and non-technical, in the operation of a Moodle site to appreciate the ‘why’ security of the installation is required and necessary. The words make you think, question and analyse your own situation. The need to bring all of those involved together and really consider the process that needs to be undertaken.

Part 2, ‘Moodle Server Security’ is definitely aimed at those with technical knowledge and understanding. It is a real ‘how’ rather than a ‘why’ this is done. But needs to be appreciated at the same time by those whom are non-techincal and ‘hold the purse strings’ to know why the investment needs to be made, combined with the amount of effort to do so. Especially in relation to backup and disaster recovery.

Part 3, ‘Moodle Application Security’ is again, technical in implementation but there is a focus for discussion with others on the results in terms of what is found and what needs to be done about it.

Part 4, ‘Moodle Infrastructure Monitoring’ is focused on now monitoring your site to detect issues before they become a problem.

Overall the ‘key’ word that sticks in my mind is ‘comprehensive’. There is a lot to understand here with many, many different elements and tools. The book is an ‘umbrella’ for the subject but by no means all of the subject. There are places where Ian states along the lines of ‘beyond the scope’ and leads you to consider other more detailed sources of information. Not because the book is lacking, but rather because of the complexity and scale of security in relation to running an online website that is exposed to the world with all its dangers.

I feel that even though I have read the book as a single person, that in fact it would be purchased by a business for their use. Each specific aspect to be read by specific individuals, then come together as a team and discuss the overall strategy for implementation. Then after a while, revisited to confirm that what has been implemented is still working, that the procedures put in place are operational, effective and up to date. A reference that you’ll make use of for many years to come.

I don’t doubt that the information and concepts are discussed elsewhere, but what the book does do is bring them all elegantly and precisely related to the Moodle context. It makes you think, question your installation and then go on to consider ‘What more can I do’?


Overall I’m impressed and believe that if I hadn’t have been given a copy to review that I would have still purchased the book myself.

Gareth Barnard
Latest posts by Gareth Barnard (see all)

Gareth Barnard

Gareth is a developer of numerous Moodle Themes including Essential (the most popular Moodle Theme ever), Foundation, and other plugins such as course formats, including Collapsed Topics.

Add a reply or comment...