Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

WordPress 2.8.4 – A Crucial Security Release

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
WordPress 2.8.4 – A Crucial Security Release

Yesterday, WPBeginner was facing some hacker attack. It was users trying to reset the password, but thankfully they could not get the random password because the site is not using the default admin user. But nonetheless it was an annoying thing to deal with. Hackers kept trying to reset our password and we had to deal with it for six times until we added more security layers.

Update: Apparently there were some miscommunication in this post which makes the issue look a bit more frightening. The hacker must use an email or the user that is being used to reset the passwords. One of our mistake was that we used the same email we were using to respond to the questions asked by our users. Which is what probably compromised the security even more.

WordPress was reported of this security issue, and once again their quick support has released a new version with security fixes.

As said on WordPress Blog:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We strongly recommend you to upgrade to this version of WordPress as soon as possible and avoid this issue. To upgrade, you should go to Tools > Upgrade in your Admin Panel and upgrade to WordPress 2.8.4.

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.