blog / Products / Approach To Lms Plugins Security Compliance Partnership

How Open LMS’s Rigorous Approach to LMS Plugins Provides Security, Compliance, and Partnership

Third-party plugins can improve the training experience and help you manage learners and users more efficiently. In an open-source LMS environment, you have access to an active, vibrant developer community and an array of innovative third-party plugins. However, without the right security protocols, all this abundance isn't necessarily a good thing.

With potentially insecure or even malicious options out there, how do you access the benefits of third-party plugins without compromising the integrity or user experience of your learning platform?

The key is working with a trusted platform and seasoned security experts, like our team at Open LMS. We’re the largest Moodle™-based LMS provider in the world, and we're trusted by organizations across the globe to provide a rich and rewarding learning environment. Seamless and secure third-party plugin integration is a key part of what we offer. So how do our team of Moodle™ experts approach plugins? Read on for a brief overview of how plugins operate in the LMS environment and a comprehensive deep dive into our plugin vetting process.

WANT MORE FROM YOUR LMS? DOWNLOAD THIS EBOOK | ‘Putting Impact-Backed ROI at the Heart of Your Learning Ecosystem

When you take advantage of a fully customizable platform like Open LMS, you can access a whole new world of training tools and features.

How Plugins Enhance the LMS Environment

In some ways, an LMS is like a smartphone or tablet. While the device itself offers essential functions, it's the app store that truly unlocks its potential. Similarly, third-party plugins provide additional functionality beyond what an LMS offers.

When you take advantage of a highly customizable platform like Open LMS, you can access a whole new world of training tools and features. Innovative ways to deliver courses, manage training, personalize the learning experience, and more will all be at your fingertips. There are a variety of third-party plugins available on Open LMS by default—check out the options for Open LMS EDU and Open LMS WORK. We’ll also support you when you request third-party plugins from our team of Moodle™ experts. This allows you to customize your learning environment to your specific needs, providing the best possible experience for your learners, staff, and L&D team.

KEEP READING | ‘Personalizing Professional Development: What You Need to Know

Open LMS takes a proactive approach to plugin review. We know that your organization is committed to protecting the data of your students or employees. So are we.

Why Every Plugin Should Be Carefully Vetted

The benefits of plugins are clear. But as with any software tool, they open the door to threats if not thoroughly vetted and responsibly managed. Many third-party plugins present a security risk because they aren't properly and promptly updated and maintained. Some may even use libraries with known vulnerabilities.

If these poor-quality plugins were to be introduced into your LMS, the effects could be disastrous. Whether you're managing student learning at an institution or work in the corporate training environment, you know that your system is replete with sensitive data like Personally Identifiable Information (PII) or employee contact details. An insecure plugin can create a vulnerability that compromises this data.

Some plugins may even deliberately and maliciously collect and store data that they shouldn't be harvesting or send data elsewhere. This is why Open LMS takes a proactive approach to plugin review.

We know that your organization is committed to protecting the data of your students or employees. So are we. Every plugin is thoroughly vetted and reviewed by our team of Moodle™ and LMS professionals to ensure maximum security and compliance for every customer.

With Open LMS, you get both the benefit and flexibility of a customized platform as well as the peace of mind of knowing that you're in expert hands. We work with you to ensure that you get access to the features and tools you need, safe in the knowledge that you can rely on us to only allow trustworthy plugins into your LMS environment.

KEEP READING | ‘Open-Source vs Closed-Source LMS: Understanding Key LMS Technologies

Our LMS plugin vetting team is committed to well-reasoned decisions based on years of experience and a deep understanding of Moodle's™ architecture and security best practices.
Want to see Open LMS in action? Take a self-guided tour to explore key features and functionality in your own time.
Take a tour

How Open LMS’s Meticulous Plugin Review Process Works

Our comprehensive review process for third-party plugins ensures that your learning tech stack remains secure and performs well. Whenever we add a new plugin—whether it's specifically requested by a customer or added by us to improve access to innovative tools—we take the following steps to ensure its suitability:

  1. Compatibility Check: We verify if a version of the plugin is compatible with your current Moodle™ version. If the version is outdated, it will not function on your LMS, and we'll then look for a different option.
  2. Code Scrutiny: We meticulously examine the plugin’s source code to identify any security vulnerabilities. This step includes checking if it sends login data externally, uses libraries with known exploits, or collects and stores data inappropriately.
  3. SQL Analysis: We review the SQL code it generates to ensure it's optimized for performance and won't compromise the user experience of your LMS.
  4. Rigorous Testing: We install the plugin in a test site, replicating scenarios with test data. During this phase, we closely monitor performance and data flow for any security vulnerabilities or questionable behavior. If the plugin was requested by a specific customer, we may also test the plugin in a sandbox relevant to their unique environment.

If this robust review proves that the plugin is suitable, we will allow it into the environment. We will never approve a plugin that doesn't satisfy all of our criteria or poses any kind of vulnerability.

At Open LMS, we pride ourselves on rigorous security. Our LMS plugin vetting team is committed to well-reasoned decisions based on years of experience and a deep understanding of Moodle's™ architecture and security best practices. Adhering to a thorough and systematic protocol allows us to keep all our customers safe.

RELATED READING TO DOWNLOAD TODAY | ‘Open-Source LMS Security Myths Debunked

We're Your Partners in Security and Performance

With so many options at your fingertips, third-party plugins can be overwhelming. Our mission is to guide you and keep your organization secure and your learning environment performing optimally.

Should you request a plugin that doesn't meet our security criteria, no problem—we can work with you to find suitable alternatives that will help you meet your training outcomes without compromising security or performance.

Reach new levels of learning excellence with Open LMS as your LMS plugin and hosting partner. Get a self-guided walkthrough or request a demo to talk about what we can do for you.
Craig Utley
About the author
Craig UtleySenior Director of Cloud Services, Open LMS

Highly accomplished executive Information Technology leader with 25 years of progressive experience with a proven track record of leading large teams and multimillion-dollar budgets while delivering high-value solutions that are delivered on time and on budget. Serve as the key executive for information services with responsibility for leading the short- and long-term strategic direction of the IT department. Known for a broad skillset required to work with stakeholders to develop the value proposition of technology solutions and align IT with strategic business objectives, and developing a high-performing team of competent, business-focused employees.

Discover our solutions

    Learning Technologies Group logo