WordPress 2.8.3 Security Fix: Admin Password Reset

Just found out about a potentially annoying WordPress 2.8.3 security issue. Basically, anyone can reset your admin password without any confirmation. This could be a major annoyance if someone decides to reset your admin password constantly.

I just tested this (on one of my own test blogs, of course) and it actually works. After anyone visits the URL, it sends the new password to your e-mail address. If you’re in the middle of doing something in your admin panel, you may have to login again.

Luckily it’s just a one line fix, which you might want to implement if some annoying person thinks it’s funny to reset your password. WordPress 2.8.3 was just released a little more than a week ago. Do I hear a WordPress 2.8.4 coming soon?

If this happens to you, and for some reason you don’t receive an e-mail with the new password and find you can’t login to your blog, you might want to look into resetting your WordPress password through phpMyAdmin.


About the editorial team

Editorial Team at IsItWp is a team of WordPress experts led by Syed Balkhi.