9 March 2023
The importance of security upgrades for your LMS

Kenny McCormack
Senior Solutions Architect
Security upgrades keep your LMS and your data safe. If you are relying on an outdated version of your LMS, you’re putting your organisation’s security at risk.
All good things must come to an end — and that’s true of LMS versions. As with all software, as new releases come to market and new technologies emerge, older versions of a learning management system will eventually become obsolete in the eyes of the developer.
When that happens, they become unsupported versions. That means no more updates and, crucially, no more security patches.
If the new features and user experience improvements are the carrot of upgrading your LMS, the security risks of not upgrading are the stick.
Top reasons to stay on top of LMS security upgrades
Security upgrades for learning management systems are no different than upgrades for your phone, computer or any software you use. If you’re not using a version that the developer is actively working to keep secure, you expose your organisation to risks such as:
Data breaches
Weakened security could expose user data and other information stored within your LMS. As well as the potential for GDPR and data protection problems, this could also undermine your organisation’s intellectual property or business processes.
Viruses
When we think of weak software security, viruses are probably the first thing that comes to mind. As well as the potential to damage or disable your LMS, viruses could have a wider operational impact by infecting other systems or users’ devices.
Ransomware attacks
Similar to viruses but particularly topical, an insecure LMS puts your organisation at risk of a ransomware attack. Again, this could spread beyond your LMS to other systems and potentially result in major parts of your operations being held to ransom.
A note on upgrades and updates
It’s worth noting that we’re talking about upgrades here. For supported versions of your LMS, your security will be kept up-to-date each time bug fixes and security patches are included in a new minor release of your version.
The issues we’re discussing arise when minor releases are no longer made available for the version of the LMS platform you’re using. Learn more about LMS updates vs upgrades.
The best way of handling LMS security upgrades
If you’re using Moodle, the easiest way to avoid running an unsupported version of your LMS and stay up to date with security upgrades is to plan your LMS upgrades to coincide with LTS versions of your LMS.
When an LTS is released, it comes with a guaranteed support period. This is typically three years. Upgrading to each new LTS is the easiest way of minimising your number of upgrades while maximising security.
If you’re using Totara, every new major release comes with a guaranteed support period of four years. As long as you’re planning to upgrade your LMS at least once every four years you will retain full security support.
Learn more about how often you should upgrade an LMS.
Am I running an unsupported version of Moodle?
If you’re using a version of Moodle LMS or Moodle Workplace earlier than Moodle 3.11 — other than the long-term support (LTS) version 3.9 — your LMS is unsupported. Security support on Moodle 3.9 and 3.11 will end in December 2023. Check Moodle version support.
If you’re currently using Moodle 3.9, Moodle 3.11 or an earlier version, we’d recommend upgrading to Moodle 4.1 at the earliest opportunity. Doing this will guarantee a secure version of your LMS until the end of 2025.
Am I running an unsupported version of Totara?
At the time of writing, if you’re using a version of Totara earlier than Totara 12, your LMS is already unsupported. Support for Totara 12 itself is due to end in October 2023. Check Totara support end-of-life dates.
If you’re using Totara 12 or earlier, we’d recommend upgrading to Totara 17 at the earliest opportunity. Doing this will guarantee a secure version of your LMS until November 2026.
Plan your next LMS security upgrade
If you’re running an unsupported version of Moodle and Totara and would like to upgrade your LMS, or you’d like to plan the timing of your next security upgrade, please fill out the form below and we’ll be in touch.