Beginner's Guide for WordPress / Start your WordPress Blog in minutes

WordPress 2.8.4 – A Crucial Security Release

Yesterday, WPBeginner was facing some hacker attack. It was users trying to reset the password, but thankfully they could not get the random password because the site is not using the default admin user. But nonetheless it was an annoying thing to deal with. Hackers kept trying to reset our password and we had to deal with it for six times until we added more security layers.

Update: Apparently there were some miscommunication in this post which makes the issue look a bit more frightening. The hacker must use an email or the user that is being used to reset the passwords. One of our mistake was that we used the same email we were using to respond to the questions asked by our users. Which is what probably compromised the security even more.

WordPress was reported of this security issue, and once again their quick support has released a new version with security fixes.

As said on WordPress Blog:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We strongly recommend you to upgrade to this version of WordPress as soon as possible and avoid this issue. To upgrade, you should go to Tools > Upgrade in your Admin Panel and upgrade to WordPress 2.8.4.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions


  1. Congratulations, you have the opportunity to be the first commenter on this article.
    Have a question or suggestion? Please leave a comment to start the discussion.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.