If you run a popular Moodle site with email-based self-registration enabled, it’s inevitable that at some point you’ll encounter fake user accounts created by spam bots. Even with reCAPTCHA enabled, spam remains a persistent and frustrating issue. From experience managing some of the largest Moodle platforms around, we at Catalyst understand how disruptive this can be and how difficult it is to strike the right balance between security and user accessibility.
That’s why I’m excited to introduce a new plugin I’ve developed: Moodle Registration Rules.
Born out of a collaborative session at MoodleMoot DACH 2024, this plugin is designed to give Moodle admins greater flexibility, stronger security, and a powerful alternative to traditional anti-spam methods like reCAPTCHA.
Built at MoodleMoot DACH 2024
The idea for the Moodle Registration Rules plugin was born during the DevCamp at MoodleMoot DACH 2024, a hands-on, collaborative space where participants pitch ideas, form teams based on shared interests, and work intensively to bring those ideas to life. The goal: to have something functional to showcase by the end of the event.
A few months before MoodleMoot DACH, one of our clients was struggling with hundreds of spam user registrations per day. While we were able to resolve the issue for them, I was surprised to discover that no community plugin existed to tackle this problem.
When I pitched the concept at the DevCamp kickoff, the response was overwhelmingly positive. I was soon joined by Philipp Hager and Andreas Hruska from eDaktik, Lukas Müller from LernLink, and Michael Aherne from the University of Strathclyde all of whom had encountered similar challenges and were eager to collaborate on a solution.
What followed was a fantastic example of open source in action: over just a few days, we turned a shared pain point into a working prototype. The energy, creativity, and shared sense of purpose at the DevCamp made it possible to move quickly from concept to code.
What Does the Plugin Do?
The Moodle Registration Rules plugin helps prevent spam signups and tighten security during user registration. It works by giving you a broader set of tools and configuration options, which can be layered to provide an extremely effective solution, including:
- Support for CAPTCHA alternatives such as ALTCHA, Cloudflare Turnstile, and hCaptcha. ALTCHA in particular is a fully open source, self contained, accessible and privacy focussed solution, meaning user data never leaves your site.
- Blocking disposable email addresses and known spam domains, which can be important for maintaining the integrity of your user base.
- Rate limiting to slow down brute-force attempts, a simple method to deter persistent spam bots and reduce the burden on system resources.
- Passsword breach checks using Have I Been Pwned API, helping to reduce the likelihood that legitimate user accounts will be compromised.
- Honeypots and minimum form completion time to trap bots, both very simple techniques that can dramatically reduce spam.
- Limit when users can sign up to specific date or time ranges, so you can ensure that you are available to monitor activity and approve new accounts.
- Create custom rules as subplugins to allow or deny signups based on your own criteria.
These features are designed to work together, or independently, so you can adapt the plugin to meet your organisation’s security policies and accessibility needs.
Why We Built It
reCAPTCHA can be effective for some sites, but it’s not always suitable, especially for institutions with strict data privacy policies, accessibility requirements, or complex user flows.
We wanted to create something that:
- Offers more control to Moodle admins
- Integrates seamlessly with privacy-respecting services
- Provides layered protection without disrupting the user experience
- Reflects the spirit of open collaboration in the Moodle community
Since releasing the plugin, we’ve received strong interest from across the Moodle ecosystem. Thanks to feedback shared by early adopters, we’ve already been able to introduce several improvements. The result is a plugin that not only solves a problem, it also evolves through community input.
Ready to Try It?
You can download the plugin here: Moodle Registration Rules on moodle.org It’s completely free and open source, and we’d love to hear your feedback or suggestions.
To date, the plugin has over 250 commits, 20 pull requests, and 40 resolved issues on GitHub. If you’d like to contribute, head over to the project page on GitHub.
I’m also keen to hear how you’re using the plugin and which features have worked best for your site. If you have ideas, questions, or feedback, feel free to start a discussion on GitHub.
Want to Do More With Moodle?
At Catalyst IT, we’re not just plugin developers, we help institutions make the most of their Moodle platforms with scalable managed hosting and strategic digital learning support.
If you want to boost your platform’s performance, security, or flexibility, get in touch.
With Catalyst, you have the Freedom to Innovate.
