Administration & Security

Authentication (Auth): Verifying who the user is (Logging in). Examples: Manual, LDAP, OAuth2.

Enrolment: Giving a user access to a specific course. Examples: Manual, Self, Cohort Sync.

Contexts are the levels at which roles can be assigned. They are hierarchical:

System > Category > Course > Module (Activity) > Block.

A permission granted at a higher level (e.g., Category) cascades down to lower levels (e.g., Course) unless overridden.

1. Go to Site administration > General > Advanced features and enable "Web services".

2. Go to Site administration > Mobile app > Mobile settings and enable "Enable web services for mobile devices".

3. Ensure the site is accessible via HTTPS.

Cohort: A site-wide or category-wide collection of users. Used for bulk enrolment into multiple courses (Cohort Sync).

Group: A collection of users within a specific course. Used to separate students for activities, grading, or visibility.

1. Check the web server error logs (Apache/Nginx logs).

2. Enable debugging in config.php:

$CFG->debug = 32767; // DEBUG_DEVELOPER
$CFG->debugdisplay = 1;

3. Purge caches via CLI: php admin/cli/purge_caches.php.

Scheduled tasks are background jobs (like sending forum emails or syncing enrolments) that run via the system Cron.

You manage them in Site administration > Server > Tasks > Scheduled tasks. You can change their frequency (minute, hour, day) or run them immediately via the "Run now" link (if enabled) or CLI.

There is no native "Course IP restriction" setting. However, you can:

1. Use a plugin like "Restrict by IP" availability condition.

2. Configure the web server (Nginx/Apache) to restrict access to the specific course URL pattern.

3. Use the "Require IP" setting in Quiz settings for assessments.

It prevents non-admin users from logging in or accessing the site. It is used during upgrades, backups, or server maintenance to ensure data consistency.

Enable via CLI: php admin/cli/maintenance.php --enable.

Go to Site administration > Language > Language packs. Select the language from the list and click "Install selected language pack". Moodle downloads it from the official repository to moodledata/lang.

A token is a unique string that acts as a key for an external application to access Moodle's API on behalf of a specific user. It replaces the need to send a username and password with every request.

Moodle's backup system serializes course data (activities, users, grades) into an .mbz file (a zipped XML structure). The restore process reads this file and recreates the course elements. It uses a controller-worker pattern and can be executed asynchronously.

• php admin/cli/cron.php: Runs the cron tasks manually.
• php admin/cli/purge_caches.php: Clears all Moodle caches.
• php admin/cli/maintenance.php: Toggles maintenance mode.
• php admin/cli/cfg.php: View or set configuration variables.

You can use the admin/cli/reset_password.php script. Usage: php admin/cli/reset_password.php --username=admin --newpassword=NewPass123!. This is useful if the admin gets locked out.

1. Check Site administration > Server > Email > Mail settings to ensure SMTP is configured correctly.

2. Check the "Mail" logs in Moodle or the server's mail log.

3. As an admin, you can manually reset their password in their profile settings.

The Guest role allows users to view course content without being enrolled or (optionally) without being logged in. Guests cannot post in forums, take quizzes, or receive grades.

Use Site administration > Users > Accounts > Upload users. You upload a CSV file with columns like username, password, firstname, lastname, email. You can also include enrolment fields like course1, role1.

It allows a user with higher permissions (like a Teacher or Admin) to temporarily view the course as a user with lower permissions (like a Student) to test visibility and access.

Go to the course, click "More" (or the gear icon) > "Course reuse" > "Backup". Follow the wizard to select which activities, blocks, and user data to include. The result is a .mbz file.

The Front Page is the landing page of the site (course ID 1). It has its own settings, roles, and backup procedure. It is technically a course but behaves differently regarding enrolments.

Go to Site administration > Users > Accounts > Bulk user actions. Select all users, then choose "Force password change" from the action dropdown.

Filters process text content before it is displayed. Examples include:

• Multimedia plugins: Converts URLs (like YouTube) into embedded players.
• MathJax: Renders LaTeX equations.
• Activity names auto-linking: Links text to activities with the same name.

Go to Site administration > Location > Location settings. Set the "Default timezone". Users can override this in their profile unless "Force timezone" is enabled.

Cron is a script (admin/cli/cron.php) that must be executed regularly (every minute) by the server. It handles forum emails, course completion calculations, backup tasks, and system cleanup. Without it, Moodle will not function correctly.

1. Put the site in Maintenance Mode.

2. Dump the database (SQL).

3. Copy the Moodle code directory.

4. Copy the moodledata directory.

5. Restore files and DB on the new server.

6. Update config.php with new paths/URLs.

7. Use the "Search and replace" tool (admin/tool/replace/index.php) if the URL changed.

Badges are digital credentials compatible with the Open Badges standard. They can be awarded at the Site level (for system-wide criteria) or Course level (for completing activities or the course).

Go to Site administration > Plugins > Logging > Manage log stores. You can enable/disable stores like "Standard log" (DB), "Legacy log", or "External database log". Disabling unused stores improves performance.

When enabled, deleted courses and activities are moved to the Recycle Bin for a configurable period (default 7 days) before being permanently deleted. This allows for restoration of accidental deletions.

Go to Site administration > Users > Accounts > User profile fields. You can add custom fields (text, checkbox, dropdown, date) that appear on user profiles and signup forms.

It allows you to define Competency Frameworks and link them to courses and activities. Students can be rated on competencies, and learning plans can be created to track progress.

1. Install an SSL certificate on the web server.

2. Change $CFG->wwwroot in config.php to use https://.

3. Run the "HTTP to HTTPS migration tool" (admin/tool/httpsreplace/index.php) to fix embedded content links.

When using Web Services, you should:

1. Create a specific user for the service.

2. Create a custom Role with only the required capabilities.

3. Enable "IP restriction" for the token if possible.

4. Set an expiration date for the token.

Go to Site administration > Reports. Useful reports include:

• Logs: Activity logs.
• Live logs: Real-time activity.
• Performance overview: System health check.
• Security overview: Security configuration audit.

A developer tool built into Moodle (Site administration > Development > XMLDB editor) used to create and edit install.xml files for plugins. It helps define database tables in a DB-agnostic way.