Logging into WordPress Wesbites (Security & Standards)


All sites under UT Health San Antonio will use your UT Health San Antonio username and password (LDAP Authentication). If your password is updated through IMS, then you will need to use your new password on all WordPress sites as well.


Brute Force Prevention (403 Forbidden)

To prevent hackers from guessing your password and using it to deface public websites (Brute Force Attacks), we have implemented a limit of 3 failed login attempts before having your IP address blocked. This means if you type in your username and password wrong 3 times in a row, you will see the following 403 Forbidden screen. Since implementing this feature in 2020, our security plugin has blocked over 50,000 IP Addresses that were trying to gain access (brute force) to our websites in WordPress.

If you have been blocked out of a WordPress website, please submit a service request in order to regain access. Also, please include the IPV4 address that is being blocked.


DUO2FA (Coming March 2022)

While preventing 3 failed login attempts will help prevent Brute Force attacks, this does not prevent hackers from using compromised credentials to login to a UT Health website (Phishing Prevention). To prevent our websites from being compromised by phishing attacks, we are implementing Duo2FA. To learn more about what Duo is, please visit Information Securities FAQ page for Two Factor Athentication.

Getting Started with Duo2FA


Print Article


Article ID: 92055
Tue 2/8/22 11:10 AM
Tue 2/8/22 11:19 AM