WordPress 2.8.3 Security Fix: Admin Password Reset

Just found out about a potentially annoying WordPress 2.8.3 security issue. Basically, anyone can reset your admin password without any confirmation. This could be a major annoyance if someone decides to reset your admin password constantly.

I just tested this (on one of my own test blogs, of course) and it actually works. After anyone visits the URL, it sends the new password to your e-mail address. If you’re in the middle of doing something in your admin panel, you may have to log in again.

Luckily it’s just a one-line fix, which you might want to implement if some annoying person thinks it’s funny to reset your password. WordPress 2.8.3 was just released a little more than a week ago. Do I hear a WordPress 2.8.4 coming soon?

If this happens to you, and for some reason you don’t receive an e-mail with the new password and find you can’t log in to your blog, you might want to look into resetting your WordPress password through phpMyAdmin.

Comments

  1. @Leland
    I never did figure out how they hacked in, but yeah, all they’ve done was make a few posts. I ended up reinstalling the blog completely to make sure I removed all that I might have missed.

  2. @Detoam: No problem. Sorry to hear your blog was hacked. Are you sure all they did was create a few posts? Do you know how they hacked in the first place?

  3. Thank you for the tip. One of my blogs was recently hacked in. Strangely, all that someone did was create a few posts. Still can’t figure out why.

  4. @RandallB: These kinda things happen sometimes. Since this is an open source project, anyone can find and fix these problems. Hopefully an official fix will be released soon.

  5. Oh joy, now I get to worry about this?

    Very interesting that they would not make sure for something like this.
