After some research and consulting with some colleagues I've figured out a simple way to force users to use their credentials to log in after confirmation. I figured I'd share it in case anyone else wanted to use it. A word of caution; it's a bit hacky, but it works. This was done in Moodle 2.9.3 so it may be slightly different in other versions. I simply commented out line 88 in "confirm.php" located in the directory moodle/login. Then I added two lines immediately after. The modified lines 88-90 would read:
// redirect($goto);
require_logout();
redirect("$CFG->wwwroot/");
This logs the user out after they are confirmed, then redirects them to the landing/login page. This has the added benefit of preventing users who may have received a registration email erroneously from being immediately logged in.
A slightly cleaner way of redirecting the user to the login page might be:
if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going.
$goto = get_login_url();
unset($SESSION->wantsurl);
redirect($goto);
}
But this isn't necessary as the root page is the login page, and I try to make as few changes to the core PHP as possible.