From what I've read about automated attacks targeting WordPress, it looks like UF sites using Shibboleth for authentication wouldn't be vulnerable to these kinds of attempts. (It does confirm that having a default 'admin' user with 'admin' as the password is always a bad idea, though)
Does anyone think there's a need to go beyond Shibboleth as a best practice? For example, limiting access to the dashboard to campus/VPN users?
Just throwing it out there...discuss...
IT Expert / Web Developer
College of Liberal Arts and Sciences IT
University of Florida