Login Link Removal & Updated Access Instructions
Policy Change Announcement
Overview of the Changes
As part of ongoing efforts to strengthen the security of the UCLA Health Sciences Web Platform, we are making an important update to how editors access their sites.
What’s Changing
- The login link previously displayed in the footer of every site is being removed.
- The Web Platform Training site will also no longer display direct login links.
- All publicly visible login URLs are being phased out across the platform.
- The test site will now be password-protected.
Where Users Should Now Go:
Moving forward, editors should use the following two resources to access or locate information about their sites:
The Box note provides login guidance, and step-by-step instructions for editors.
The Site Directory is now the centralized and secure way for editors to find their individual site login pages.
How to Log In
- Find your site in the Web Platform Site Directory (Labs, Departments, School of Medicine).
- Click your site’s login link.
Importance of the Update
Publicly accessible login links, especially when placed in predictable or highly visible locations like footers, create unnecessary security risks. When login endpoints are easy to locate:
- Automated bots can repeatedly try to guess passwords.
- Attackers can target known login paths to attempt brute-force or credential-stuffing attacks.
- The platform’s overall “attack surface” becomes larger than necessary.
By removing centralized, universally visible login links, we reduce exposure and make it significantly harder for unauthorized users to identify login entry points. This update aligns with industry best practices, including:
- Limiting direct access to login forms
- Avoiding predictable login URLs on public-facing pages
- Encouraging users to access login portals through secure, vetted directories
These measures help protect both the platform and its editors while maintaining a seamless workflow for those who are authorized to log in.
Implementation Timeline
These security updates will go into effect on December 15. We encourage all site editors to review the new process ahead of December 15 to ensure a smooth transition.
Additional Resources
Co-working Sessions
Register for the next Co-working Session for answers to your questions about this update.
Related Articles
Image Syncing Issue Resolved on the Events Hub
Users can crop or replace a featured image within the Events Hub, and those changes will sync across all connected sites.
Consolidating Quote Components
We are consolidating the Quote component and Media Quote component into a single, unified quote component—with an optional image field.
Event Body Images Now Display Correctly
A fix has been implemented to address a bug: images embedded in the body of event descriptions will now display correctly moving forward.
Retiring the Tabs Component
To streamline our component library, we are retiring the tabs component. We will replace all existing tabs components with accordion components.