Admin password of any wordpress blog can be reset without any confirmation by simply bypassing the check and resetting the password after passing a special value in the key parameter on the URL of reset page(www.domainname.com/ wp-login.php?action=rp&key[]= ) How one can surmount this security flaw?
You Might Also Like:
- When you lost your WordPress admin password and don’t receive email link for creating a new one or you need to know/edit password of your site members. Then follow these steps: Login to cPanel Scroll down to Databases section. Open PhpMyAdmin. Select your WordPress database. Scroll down to wp_users (table) and click Browse. Your will...
- How To Set A Global Password For All Your Password Protected Posts In WordPress ? WordPress allows you to publish password protected posts. You can add password protection in your blog post by using visibility option present in the Publish...
- Ask Apache Password Protect For Adding Crazy Additional Password Protection And Security In WordPress AskApache Password Protect is a powerful WordPress plugin that allows you to add adds Crazy Additional Password Protection and Securities to your WordPress based website....
- Track Your WordPress Blog Performance Across Leading Social Networking Websites Easily track from your WordPress dashboard that how is your blog doing on top social networks on world wide web. Social Metrics is a Social...
- Protecting Your WordPress Admin From Hacks You may use this trick for adding an additional layer of security on your WordPress site so that your site don’t get compromised and hacked:...
- TechCrunch Style Lazy Load Social Media Sharing Buttons For Your WordPress Site TechCrunch uses Socialite.js script can for displaying social media sharing buttons with lazy loading feature. Lazy load simply means that the real js sharing buttons...
- How To Share Your Google+ Posts On All Other Social Networks ? This tutorial explains how to share all Google Plus posts to all other social networks. You can easily share Google+ posts to all social networks,...
- Let Your WordPress Site Users Login, Register, Reset Password, See Recent Activity,Time, Post And Comment Count All At One Place Sb login is a brand new WordPress widget plugin that adds features for a user to login, register, reset their password, see recent activity,time,post and...
Open wp-login.php and search this line out,” if ( empty ($key ) ) ” and replace this line with, ” if ( empty($key)|| is_array($key) ) ”
If you are using the latest version of wordpress i.e. wordpress 3.1.1 then you will find it on line 208.