ThemeLab's Blog

Stay up to date with our newest WordPress themes, WordPress plugins, WordPress tutorials, and other announcements.

WordPress 2.8.3 Security Fix: Admin Password Reset

Last Updated on by

Just found out about a potentially annoying WordPress 2.8.3 security issue. Basically, anyone can reset your admin password without any confirmation. This could be a major annoyance if someone decides to reset your admin password constantly.

I just tested this (on one of my own test blogs, of course) and it actually works. After anyone visits the URL, it sends the new password to your e-mail address. If you’re in the middle of doing something in your admin panel, you may have to login again.

Luckily it’s just a one line fix, which you might want to implement if some annoying person thinks it’s funny to reset your password. WordPress 2.8.3 was just released a little more than a week ago. Do I hear a WordPress 2.8.4 coming soon?

If this happens to you, and for some reason you don’t receive an e-mail with the new password and find you can’t login to your blog, you might want to look into resetting your WordPress password through phpMyAdmin.

  • RandallB.

    Oh Joy now I get to worry about this?

    Very interesting that they would do not make sure for something like this.

  • Leland

    @RandallB: These kinda things happen sometimes. Since this is an open source project, anyone can find and fix these problems. Hopefully an official fix will be released soon.

  • Detoam

    Thank You for the tip. One of my blogs was recently hacked in. Strangely all that someone did was create a few posts. Still can’t figure out why.

  • Leland

    @Detoam: No problem. Sorry to hear your blog was hacked. Are you sure all they did was create a few posts? Do you know how they hacked in the first place?

  • Detoam

    I never did figure out how they hacked in, but yeah all they’ve done was make a few posts. I ended up reinstalling the blog completely to make sure I removed all that I might have missed.