MDL Shield
Security-First Code Reviews

Ship Secure Moodle™ Plugins With Confidence

Expert security code reviews for Moodle™ plugin developers. Catch vulnerabilities before your users do, protect the institutions that rely on your code, and build a reputation for secure, trustworthy plugins.

22.3k+
Files Scanned
5.6M+
Lines Reviewed
586
Findings Surfaced
133
Security Issues Found
Audit Your PluginView Sample Report
Security Best Practices
Moodle-Specific Checks
Actionable Fix Guidance
Vulnerablereport_filter.php
1234
<?php$query = "SELECT * FROM" . " {user} WHERE id = " . $_GET["id"];
Securereport_filter.php
1234
<?php$user = $DB->get_record( 'user', ['id' => $id]);

What We Review

Thorough security analysis tailored to the Moodle ecosystem.

Moodle-Native Security
Purpose-built for the Moodle ecosystem. We understand capabilities, sesskeys, the $DB API, and the patterns that make Moodle plugins secure — or vulnerable.
Find Issues First
Catch vulnerabilities before they're exploited. Protect the institutions relying on your plugin and your reputation as a developer.
Full Source Audit
Every PHP, JavaScript, and template file is examined in context — not pattern matching, but a thorough line-by-line review of your entire codebase.
Access Control Analysis
Verify your capability checks, role assignments, and permission handling follow Moodle patterns and are applied consistently across all entry points.
Security Badge
Published reviews earn a security grade badge you can display on the Moodle plugin directory, your Git repository, or your own website.
You Control Publication
Review results are yours. You decide if and when they go public. We never publish without your explicit consent.

How It Works

A streamlined process designed to get your plugin reviewed and secured as quickly as possible.

01

Verify Ownership

Sign up and verify that you maintain the plugin. We already track every plugin in the Moodle directory — just confirm it's yours.

02

Run a Scan

Initiate a security review from your dashboard. Our AI-powered analysis examines every file in your plugin, tuned specifically for Moodle security patterns.

03

Review Findings

Receive a detailed report with severity ratings, code snippets, file locations, and clear fix guidance for every issue found.

04

Publish & Badge

Fix any issues, re-scan to confirm, and publish your results when ready. Earn a security badge to show on the plugin directory, GitHub, or your website.

Simple, Transparent Pricing

AI-powered analysis built for the Moodle ecosystem. Free for open source, with optional expert verification.

Community
Free
For non-commercial plugins listed in the Moodle plugins directory
  • AI-powered security analysis
  • Moodle-specific vulnerability detection
  • Detailed report with fix guidance
  • Severity ratings included
  • Verification badge for your plugin
  • 2 reviews per month
Get Started
For Commercial Plugins
Verified Review
€250/plugin
Human-verified findings from expert developers. One-time fee for commercial plugins.
  • Everything in Community, plus:
  • Expert human verification of all findings
  • False positive elimination
  • Priority support
  • 2 reviews per plugin
  • Additional reviews available for purchase
Submit Plugin
Custom Solutions
Contact Us
Tailored solutions for Hosting Providers, LMS Integrators, and institutions.
  • Full codebase review with all plugins
  • Single comprehensive report
  • Integration with CI/CD pipelines for continuous security monitoring
  • Dedicated support and consultation
  • Customisable review frequency and scope
  • Volume discounts for multiple plugins
  • Priority access to new features and updates
Contact Us

Frequently Asked Questions

Common questions from plugin developers.