Since a few hours, a new security loophole has been discovered in WordPress 2.8.X. This problem allow anyone to reset your admin password. Creepy, isn’t it? Don’t panic, just read on to solve the problem.
As I just said, a new security loophole has just been discovered and it allow anyone to be able to reset your blog admin password. The "hacker" will not get your password (it will be emailed to you) but this can be pretty annoying.
Open the wp-login.php file (It is located in WordPress root directory) and go to line 190. You'll find this line:
if (empty($key))
Simply replace it by the following and save the
if(empty($key) || is_array($key))
For more info about the security loophole, you should read this post.
Leave a Comment
WP Theme of the week
WPRecipes.com is hosted by VidaHost. Use our exclusive coupon CATSWHOCODE to get a 10% discount on hosting! 
On Twitter : Clean, stylish and modern WordPress theme, ideal for any business, creative, freelancer, photography or designer.
http://t.co/3Qhd8crRny
Copyright © 2008 - 2013 WordPress Development by Jean-Baptiste Jung. Graphic art by GreenBubbles.org.ua, all right reserved.
2 Responses
I was searching for this code all over the net and got it here!
Thank you very much for this tip. I encountered this bizarre problem/hack two days ago, when i got my pass reset 5 times. I’m hoping this will solve the problem…
Trackbacks: