Botnet attacks on Moodle: How to protect your admin accounts

There is currently a significant increase in malicious login attempts on Moodle platforms worldwide. The good news first: this is not a security vulnerability in Moodle. The bad news is that automated attacks are using stolen credentials from data leaks to check whether they also work for Moodle admin accounts.

This is where so-called botnets come into play. A botnet is a network of many infected computers that cybercriminals control remotely. They can be used to automate mass login attempts - quickly, inconspicuously and without any targeted action against your Moodle platform. If the login is successful, the attackers attempt to install malicious plugins in Moodle.
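As an added example (not code from eLeDia or Moodle), the pattern described above can be spotted in failed-login records: a single account failing from many different addresses within a short time. The CSV layout, sample rows, function names and thresholds are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the column layout is an assumption for this
# example and is not Moodle's own log export format.
SAMPLE_LOG = """time,ip,username,result
2025-01-10T08:00:05,198.51.100.7,admin,failed
2025-01-10T08:01:40,203.0.113.21,admin,failed
2025-01-10T08:02:10,192.0.2.15,mmueller,failed
2025-01-10T08:02:30,192.0.2.15,mmueller,failed
2025-01-10T08:02:55,192.0.2.15,mmueller,success
2025-01-10T08:03:12,192.0.2.88,admin,failed
2025-01-10T08:04:47,198.51.100.130,admin,failed
2025-01-10T08:06:02,203.0.113.99,admin,failed
2025-01-10T09:00:00,198.51.100.7,sysop,failed
2025-01-10T11:00:00,203.0.113.21,sysop,failed
2025-01-10T13:00:00,192.0.2.88,sysop,failed
2025-01-10T15:00:00,198.51.100.130,sysop,failed
"""

def failed_logins(text):
    """Group failed logins by username as time-sorted (timestamp, ip) pairs."""
    by_user = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        if row["result"] == "failed":
            when = datetime.fromisoformat(row["time"])
            by_user[row["username"]].append((when, row["ip"]))
    return {user: sorted(events) for user, events in by_user.items()}

def distributed_targets(text, window=timedelta(minutes=10), min_ips=4):
    """Map username -> peak distinct source IPs failing within one window."""
    flagged = {}
    for user, events in failed_logins(text).items():
        in_window = Counter()  # ip -> failed attempts inside the window
        start = peak = 0
        for when, ip in events:
            in_window[ip] += 1
            # Drop events older than `window` from the left edge.
            while when - events[start][0] > window:
                old_ip = events[start][1]
                in_window[old_ip] -= 1
                if not in_window[old_ip]:
                    del in_window[old_ip]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_ips:
            flagged[user] = peak
    return flagged
```

On the sample rows only `admin` is flagged: a user mistyping a password from one address and failures spread over several hours both stay below the threshold.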

Three measures that you can implement immediately

1. Restrict admin access

In Moodle, very few people need a real admin account. Thanks to the sophisticated roles and rights concept, most tasks - such as creating courses or users - can be completed without admin rights. Check your platform and reduce the number of admins to the necessary minimum.

2. Activate password rules

Ensure that your Moodle instance enforces minimum standards for passwords. A strong password is the first line of defense against attacks using stolen credentials. In the Moodle settings you will find options to set password length and complexity. You can change these system-wide security and data protection settings under Site administration (or Settings > Site administration) > Security > Site security rules.

3. Force password change

If you are unsure, reset the admin passwords. In the user administration, you can activate the "Require password change" option for certain accounts. This ensures that new, secure passwords are set.

Extra protection: multi-factor authentication (MFA)

Moodle already comes with built-in options for MFA. Admins can also secure themselves with a second factor - for example via email, app or hardware token. They can even define IP ranges within which no second factor is required. You can find more information about MFA in Moodle here.

How eLeDia secures your Moodle system

If you host your Moodle at eLeDia, you have a decisive advantage: We have deactivated the web-based installation of plugins and also write-protected the plugin folder. This means that the typical gateways of the botnet are technically blocked - even if an attacker manages to log in.

Secure your Moodle with eLeDia! Book your hosting or arrange a consultation with us - we'll make sure your platform not only works, but stays secure.
