Skip to main content
Moodle Security Testing
  • You are not logged in. (Log in)
  • Home

Moodle Security Testing Instance


Welcome to the Moodle security testing site! This is an isolated testing instance of Moodle LMS, which can be used by security researchers to identify potential vulnerabilities. Please ensure you have read and agree to the below Code of Conduct before performing any testing.

Any vulnerabilities discovered in the Moodle LMS can be reported via our Vulnerability Disclosure Program. For more information about rewards/recognition for valid submissions, please see our Security Policies Documentation.

Code of Conduct

  1. Please adhere to the terms and scope of our Vulnerability Disclosure Policy.
  2. All courses and settings will be reset at midnight UTC (users will be retained), however please try to return any setting changes back to normal once you have finished testing if possible, for the benefit of other researchers.
  3. Try to keep impact on other researchers minimal (eg minimising verbose/page breaking JS), rate limiting any tools to not affect performance of the site.
  4. If you plan on performing tests that may lead to Denial of Service (such as automated scans that are not rate limited, or other high traffic tests), please download Moodle and test it locally,
    to avoid impacting this site for other researchers.
You are not logged in. (Log in)
Moodle logo
Data retention summary
Get the mobile app