Moodle recognises that much of the teaching and learning experience for our users happens through integration with third-party tools. As creators of open-source software, one of our greatest strengths is flexibility—you can pair Moodle with the tools that best meet your unique learning needs. For example, if your training relies on peer learning, Moodle’s open architecture allows you to seamlessly connect with the solution that excels in that area.
Our Certified Integrations Program ensures that every third-party integration (either plugin or an LTI solution compatible with Moodle) meets Moodle’s rigorous standards for user experience, reliability, security, and performance.
Before a new solution joins the Certified Integrations family, it undergoes a thorough evaluation across five key aspects:
1. User experience
Moodle evaluates the integration’s interface design, navigation flow, accessibility, and overall usability. The goal is to provide an intuitive, engaging experience that aligns with Moodle’s own user experience design.
2. Coding Standards
When an integration is implemented as a custom plugin, in addition to the user experience and accessibility, Moodle also evaluates the quality of the code itself.
We follow the publicly available plugin contribution checklist to provide detailed feedback aimed at enhancing the plugin’s quality. Through peer reviews and rigorous evaluation, we offer insights and recommendations to ensure the plugin meets the highest standards for performance, security, and data management.
While Moodle Plugins Directory already enforces basic security requirements, Certified Integrations undergo a broader validation, which includes careful review of Moodle’s coding guidelines.
We often see recurring technical issues during plugin reviews. To help developers avoid these, we highlight the five most common errors and how to prevent them:
a. Privacy
The Privacy API must be implemented to inform users about all personal data processed by the plugin.
b. Third party libraries
All additional files contained in the plugin ZIP package (such as third-party libraries used by the plugin) should be defined in the thirdpartylibs.xml. The link below shows the correct format. https://moodledev.io/docs/apis/commonfiles#thirdpartylibsxml
c. User input
User input cannot be trusted directly; never access $_GET, $_POST, or $_REQUEST raw. Always sanitize using optional_param or required_param with the appropriate PARAM_… type.
d. Cross-DB compatibility
To make the plugin cross-database compatible, please avoid DB engine-specific syntax. Please use the Moodle data manipulation API to avoid problems.
More specifically, the use of database engine-specific functions in SQL queries is not recommended.
e. Database security
Prevent SQL injection by using placeholders (? or :named) for all user-supplied data in queries.
By addressing these areas — among many others reviewed during the process — Moodle ensures that certified plugins are thoroughly assessed, robust, secure, and fully compatible with its ecosystem, providing a reliable foundation for users and developers alike.
-> Our documentation contains more information on coding best practices for plugins (see the Plugin Contribution guidelines: https://moodledev.io/general/community/plugincontribution).
3. Business practice
Certified Integrations connect Moodle to a variety of tools and services. We prioritise companies that are stable, reliable, and committed to long-term product support. To gauge this, we evaluate the company’s track record, size, and achievements, ensuring they can maintain and grow their product while supporting your teaching and learning experience.
4. Support process
Moodle collaborates closely with integration developers, providing feedback on code, functionality, and UX, along with code snippets, optimisations, and guidance. This ensures certified integrations are robust, maintainable, and aligned with Moodle’s standards. Our goal is to collaborate closely with the team to enhance the overall quality and performance of the integration.
5. Testing
Certified integrations undergo extensive testing across Moodle versions, operating systems, browsers, and devices to ensure seamless performance, meeting the same high standards as Moodle’s own code.
Summary: Each Moodle Certified Integration reflects a rigorous quality assurance process, ensuring third-party tools are reliable, secure, high-performing, and seamless for users. It is rigorously reviewed and approved by Moodle product experts, earning the official Moodle Certified Integration mark — a visible and recognised badge of credibility and trust.
