ThemeLab's Blog


WordPress 2.8.3 Security Fix: Admin Password Reset


Just found out about a potentially annoying WordPress 2.8.3 security issue. Basically, anyone can reset your admin password without any confirmation. This could be a major annoyance if someone decides to reset your admin password constantly.

I just tested this (on one of my own test blogs, of course) and it actually works. After anyone visits the URL, it sends the new password to your e-mail address. If you’re in the middle of doing something in your admin panel, you may have to log in again.

Luckily it’s just a one-line fix, which you might want to implement if some annoying person thinks it’s funny to reset your password. WordPress 2.8.3 was just released a little more than a week ago. Do I hear a WordPress 2.8.4 coming soon?

If this happens to you, and for some reason you don’t receive an e-mail with the new password and find you can’t log in to your blog, you might want to look into resetting your WordPress password through phpMyAdmin.


Leland Fiegel was the original founder of ThemeLab. He is a web developer who loves WordPress and blogging.