Recently, several Wikipedia admin accounts were compromised. The admin accounts were desysopped on an emergency basis. In the past, the Committee often resysopped admin accounts as a matter of course once the admin was back in control of their account. The committee has updated its guidelines. Admins may now be required to undergo a fresh Request for Adminship (RfA) after losing control of their account.
What do I need to do?
Only to follow the instructions in this message.
Check that your password is unique (not reused across sites).
Check that your password is strong (not simple or guessable).
Enable Two-factor authentication (2FA), if you can, to create a second hurdle for attackers.
How can I find out more about two-factor authentication (2FA)?
Administrator account security (Correction to Arbcom 2019 special circular)
ArbCom would like to apologise and correct our previous mass message in light of the response from the community.
Since November 2018, six administrator accounts have been compromised and temporarily desysopped. In an effort to help improve account security, our intention was to remind administrators of existing policies on account security — that they are required to "have strong passwords and follow appropriate personal security practices." We have updated our procedures to ensure that we enforce these policies more strictly in the future. The policies themselves have not changed. In particular, two-factor authentication remains an optional means of adding extra security to your account. The choice not to enable 2FA will not be considered when deciding to restore sysop privileges to administrator accounts that were compromised.
We are sorry for the wording of our previous message, which did not accurately convey this, and deeply regret the tone in which it was delivered.
XTools Admin Stats, a tool to list admins by administrative actions, has been revamped to support more types of log entries such as AbuseFilter changes. Two additional tools have been integrated into it as well: Steward Stats and Patroller Stats.
Arbitration
In response to the continuing compromise of administrator accounts, the Arbitration Committee passed a motion amending the procedures for return of permissions (diff). In such cases, the committee will review all available information to determine whether the administrator followed "appropriate personal security practices" before restoring permissions; administrators found failing to have adequately done so will not be resysopped automatically. All current administrators have been notified of this change.
Following a formal ratification process, the arbitration policy has been amended (diff). Specifically, the two-thirds majority required to remove or suspend an arbitrator now excludes (1) the arbitrator facing suspension or removal, and (2) any inactive arbitrator who does not respond within 30 days to attempts to solicit their feedback on the resolution through all known methods of communication.
Thanks for uploading File:Happy's pizza.jpg. The image description page currently specifies that the image is non-free and may only be used on Wikipedia under a claim of fair use. However, the image is currently not used in any articles on Wikipedia. If the image was previously in an article, please go to the article and see why it was removed. You may add it back if you think that that will be useful. However, please note that images for which a replacement could be created are not acceptable for use on Wikipedia (see our policy for non-free media).
The CSD feature of Twinkle now allows admins to notify page creators of deletion if the page had not been tagged. The default behavior matches that of tagging notifications, and replaces the ability to open the user talk page upon deletion. You can customize which criteria receive notifications in your Twinkle preferences: look for Notify page creator when deleting under these criteria.
Twinkle's d-batch (batch delete) feature now supports deleting subpages (and related redirects and talk pages) of each page. The pages will be listed first but use with caution! The und-batch (batch undelete) option can now also restore talk pages.
Miscellaneous
The previously discussed unblocking of IP addresses indefinitely-blocked before 2009 was approved and has taken place.
In a related matter, the account throttle has been restored to six creations per day as the mitigation activity completed.
The scope of CSD criterion G8 has been tightened such that the only redirects that it now applies to are those which target non-existent pages.
The scope of CSD criterion G14 has been expanded slightly to include orphan "Foo (disambiguation)" redirects that target pages that are not disambiguation pages or pages that perform a disambiguation-like function (such as set index articles or lists).
The Wikimedia Foundation's Community health initiative plans to design and build a new user reporting system to make it easier for people experiencing harassment and other forms of abuse to provide accurate information to the appropriate channel for action to be taken. Community feedback is invited.
Miscellaneous
In February 2019, the Wikimedia Foundation (WMF) changed its office actions policy to include temporary and project-specific bans. The WMF exercised this new ability for the first time on the English Wikipedia on 10 June 2019 to temporarily ban and desysop Fram. This action has resulted in significant community discussion, a request for arbitration (permalink), and, either directly or indirectly, the resignations of numerous administrators and functionaries. The WMF Board of Trustees is aware of the situation, and discussions continue on a statement and a way forward. The Arbitration Committee has sent an open letter to the WMF Board.
Following a research project on masking IP addresses, the Foundation is starting a new project to improve the privacy of IP editors. The result of this project may significantly change administrative and counter-vandalism workflows. The project is in the very early stages of discussions and there is no concrete plan yet. Admins and the broader community are encouraged to leave feedback on the talk page.
Since the introduction of temporary user rights, it is becoming more usual to accord the New Page Reviewer right on a probationary period of 3 to 6 months in the first instance. This avoids rights removal for inactivity at a later stage and enables a review of their work before according the right on a permanent basis.
Editors using the mobile website on Wikipedia can opt-in to new advanced features via your settings page. This will give access to more interface links, special pages, and tools.
The advanced version of the edit review pages (recent changes, watchlist, and related changes) now includes two new filters. These filters are for "All contents" and "All discussions". They will filter the view to just those namespaces.
A global request for comment is in progress regarding whether a user group should be created that could modify edit filters across all public Wikimedia wikis.
Not quite sure who I am talking to, but assuming it is Phil, thanks for the welcome! Query: The web page I had been editing froze, then I lost all my changes. Recreated them and now getting a 404 error on save attempts. It lets me review ok. Is this a software bug or because I have edited my own edits too much? Thanks, Janet Janet AG51 (talk) 05:34, 26 September 2019 (UTC)[reply]
Following a discussion, a new criterion for speedy category renaming was added: C2F: One eponymous article, which applies if the category contains only an eponymous article or media file, provided that the category has not otherwise been emptied shortly before the nomination. The default outcome is an upmerge to the parent categories.
Technical news
As previously noted, tighter password requirements for Administrators were put in place last year. Wikipedia should now alert you if your password is less than 10 characters long and thus too short.
Thanks for deleting those articles made by LP301, but a new account named LPO301 appears to be copying mainspace articles into draftspace and is probably a sock of LP301. Could you delete those and potentially block the accounts? Thanks, CalOtter (talk) 15:40, 13 October 2019 (UTC)[reply]
Namaste, PhilKnight. We would like to inform you about the recent changes to the WikiProject. As you may know, the old newsletter for WikiProject India ceased circulation in 2010. Now we have re-launched the newsletter in a new way. As a member, you are cordially invited to subscribe to the newsletter. Thank you.
