Forcing Moodle 2.3 to work over SSL

When managing a Moodle site, there are reasons to make the entire Moodle site work on an https:// connection. This will make all data transmitted over the site to be encrypted on an SSL connection. To achieve this, the Moodle config.php file will need to be edited and the .htaccess will need to have a redirect set up to force the https:// to load. The following tutorial will explain how to force Moodle 2.3 to work over an SSL connection.

Forcing SSL on https for Moodle

  1. Log into cPanel
  2. force-ssl-1-non-moodle

    Navigate to the config.php file in the File manager.

    Look for the line 17 (on default config files) that shows:

    $CFG->wwwroot   = 'https://example.com'; 


    force-ssl-2-ssl-moodle

    Change the https:// to https:// like the following:

    $CFG->wwwroot   = 'https://example.com'; 

     


  3. force-ssl-3-htaccess-moodle

    Next, Set up a redirect in your .htaccess file. Place the following code to force the https:// redirect.

    RewriteEngine On  RewriteCond %{SERVER_PORT} 80  RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] 

    Save the .htaccess file.

This concludes the article on Forcing Moodle 2.3 to work over SSL. For more information on this Education course please visit Moodle site security and server settings

Thoughts on “Forcing Moodle 2.3 to work over SSL

  • Hi,

    your post is informative.

    In case if the moodle site is a subsite which is not a root site then how should the redirect code look like.

    Thanks

    • Hello Das,

      What do you mean a subsite? Did you mean a subdomain like ‘moodle.example.com‘? If so, the SSL would need to have been created with that in mind. The code would be almost identical, simply replacing example.com with subdomain.example.com

      Kindest Regards,
      Scott M

Was this article helpful? Let us know!