August 12th, 2009

If you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advanced warning regarding the vulnerability but it was quickly patched in the core of WordPress for the next release. Unfortunately, word quickly spread and in fact, even my site WPTavern.com was affected by the problem as I received an email letting me know what my new password was even though I didn’t request one. Here are the details regarding the annoyance: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is […]

Reset WP Password Manually

responses

Jeff Chandler

April 26th, 2008

General, WordPress

Although there were over 80 security/bug fixes in WordPress 2.5.1, there was one thing that crept up immediately following the release. According to numerous reports by individuals and a ticket filed in the WordPress Trac when a user resets their password, the password reset link received in the email does not work. The error message that is received looks like this “Sorry, that key does not appear to be valid.” This bug has already been fixed and will be included in WordPress 2.5.2. However, if you are having issues with the reset link right now, you can read this post by Ryan McCue on how to Reset your WP Password Manually through phpMyAdmin. [EDIT] Ryan has included the files which contain the patch that you can download here

[Continue Reading...]

Posts Tagged ‘passwords’

The Correct Way To Report A Security Issue With WordPress

Reset WP Password Manually

About the Author

Recent Posts

Categories