Moodle developers take security very seriously. Moodle is widely used at universities, so you can be reassured that security is in place to protect courses, user accounts, and data, Like with all software, hackers get in, and developers set up patches. As you know, there's no such thing as complete security.
Moodle.org provides a list of basic recommendations to keep your site as secure as possible. The following list summarizes the recommendations:
You can find more information at http://docs.moodle.org/en/Security.
Check out the following sections to discover more about the settings that help you manage security and enable users to link to resources.
Site policies settings determine what users can access and see as well as who can enter your site. Click the Site Policies link to go over the default settings (which provide the required security), though you may want to enable others. Each setting has check box and a short description.
You can trust the defaults, which I highly recommend, and go through the page to see all the available settings when you're comfortable with Moodle.
The HTTP Security page allows you to choose a number of security options, such as using HTTPS to encrypt ...