
A few hours ago, a new security loophole was discovered in WordPress 2.8.X. This problem allows anyone to reset your admin password. Creepy, isn’t it? Don’t panic, just read on to solve the problem.
As I just said, a new security loophole has just been discovered, and it allows anyone to reset your blog's admin password. The "hacker" will not get your password (it will be emailed to you), but this can be pretty annoying.
Open the wp-login.php file (it is located in the WordPress root directory) and go to line 190. You'll find this line:
if (empty($key))
Simply replace it with the following and save the
if(empty($key) || is_array($key))
For more info about the security loophole, you should read this post.
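Why the extra is_array() test matters, shown as an added example that is not part of the original recipe or of WordPress: PHP's empty() returns false for an array that has at least one element, so the original guard does not reject such a value. The function names, the stricter string-only guard and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not WordPress code. All function names are hypothetical.

// Guard as it stood before the edit described in this recipe.
function original_guard_rejects($key) {
    return empty($key);
}

// Guard after the one-line edit from this recipe.
function patched_guard_rejects($key) {
    return empty($key) || is_array($key);
}

// Stricter variant (assumption, not from the page):
// accept nothing but a non-empty string as a key.
function strict_guard_rejects($key) {
    return !is_string($key) || $key === '';
}

// Constructed sample values. PHP can hand a request parameter to the
// script as a string or as an array, so the guard has to cope with both.
$samples = array(
    'missing'        => null,
    'empty string'   => '',
    'normal string'  => 'Xk3constructedKey',
    'empty array'    => array(),
    'array of empty' => array(''),
    'integer'        => 7,
);

function verdict($rejected) {
    return $rejected ? 'reject' : 'ACCEPT';
}

printf("%-15s %-9s %-9s %s\n", 'input', 'original', 'patched', 'strict');
foreach ($samples as $label => $key) {
    printf(
        "%-15s %-9s %-9s %s\n",
        $label,
        verdict(original_guard_rejects($key)),
        verdict(patched_guard_rejects($key)),
        verdict(strict_guard_rejects($key))
    );
}
```

The row to look at is the array holding one empty string: it is the only array the original guard lets through, and both the patched and the string-only guard reject it.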
18 Responses
WP 2.8.4 is out and fixes this.
This is not enough:
http://core.trac.wordpress.org/changeset/11804
word.
@All: Yes, some new info has been released since I wrote this recipe. As rarst said, version 2.8.4 is out and solves the problem, so you should definitely upgrade.
The number of security releases lately is just ridiculous! WordPress needs to get their act in gear.
Hi, should we change username default “admin” to another name?
@Ben Cook
I think patching security vulnerabilities promptly is acting in a good way. Would you prefer some other reaction to security issues?
@Rismaka
Yep, getting rid of default admin account is one of the most common WP security tips.
I have changed my WP version more than 2 times this week.
Before I changed to 2.8.3, 2.8.4 was already available.
Hackers are a real disaster. I spend a lot of time on the internet and with masters who repair computers because hackers constantly destroy me. I’m interested in what benefit hackers get from their work.
Short helpful tip. I think upgrading to new version is always beneficial but also you can safeguard your site by implementing some codes in .htaccess especially blocking other IPs and only allowing yours.
I had some problems with hackers.
I will use this also in my WordPress blog. Thank you.