Hello Dear Friends,
A security hole was found in WordPress 2.8.3 and all previous versions. First of all, if you haven’t already updated to 2.8.4, you better do it NOW.
The Problem
Basically, in order to reset your WordPress password, you click on “Forgot Your Password” and you add your details (if you know them). Someone found a way to immediately reset the password without even adding any of the key values.
The code used to do this is:
http://www.domainname.com/wp-login.php?action=rp&key[]=
You simply replace domainname.com with the one you want to reset and voilà. Check your email for confirmation.
The Solution
There is already a solution provided officially by WordPress, so all you have to do is update to the latest version (2.8.4).
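To see whether anyone has sent this request to your own blog, you can search the web server access log for it. The script below is an added example, not part of the original post or of WordPress; it assumes a common/combined-format access log, and the sample log lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: client IP first, request line in the first quoted field.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def is_array_key_reset(target):
    """True if the request hits wp-login.php with action=rp and `key` sent as an array."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wp-login.php"):
        return False
    # parse_qsl percent-decodes names, so key%5B%5D= and key[0]= are caught as well.
    params = parse_qsl(parts.query, keep_blank_values=True)
    action_rp = any(name == "action" and value == "rp" for name, value in params)
    array_key = any(re.fullmatch(r"key\[[^\]]*\]", name) for name, _ in params)
    return action_rp and array_key

def find_reset_abuse(lines):
    """Return (client_ip, request_target) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_array_key_reset(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:01:22 +0000] '
    '"GET /wp-login.php?action=rp&key[]= HTTP/1.1" 200 1523 "-" "Mozilla/5.0"',
    # A normal reset link carries a scalar key and must not be flagged.
    '198.51.100.4 - - [01/Jan/2010:10:02:10 +0000] '
    '"GET /wp-login.php?action=rp&key=Zx81kQ&login=admin HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    # Same request, percent-encoded brackets, blog installed in a subdirectory.
    '203.0.113.9 - - [01/Jan/2010:10:03:41 +0000] '
    '"GET /blog/wp-login.php?action=rp&key%5B%5D= HTTP/1.1" 302 0 "-" "curl/7.19"',
    '198.51.100.4 - - [01/Jan/2010:10:04:02 +0000] '
    '"GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target in find_reset_abuse(SAMPLE_LOG):
        print(f"array-style reset key from {ip}: {target}")
```

To scan a real log, pass an open file object to `find_reset_abuse` in place of `SAMPLE_LOG`.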
Conclusion
This doesn’t hurt you at all; it’s more something which annoys you (because you won’t be able to log in with your old password), and all you have to do is log in with the new password provided and change it back to your old password or a new, more secure password.
Regards
Olgi

Man, I’m glad I upgraded mine.
Whilst not a security risk, this can get very annoying if people are doing this to you frequently. Updating WordPress is obviously the best solution, but you may want to check out the advice given on Matt Cutts’ blog regarding securing WordPress blogs. He gives details of how to use the .htaccess file to protect the wp-admin folder of WordPress. This could also fix the above problem.
I will be visiting more often as you have done a good job, keep going..