WordPress.org

Ready to get started?Download WordPress

Forums

Password Security Hole (3 posts)

  1. bbrainerd
    Member
    Posted 8 years ago #

    I find it kind of strange that it's possible to change a user's password without entering the old one. My site was hijacked a week or so ago because someone used an IE cache to log into WP, and then was able to change my passwords out from under me...

    Most other software requires you to know the old password before you can change to a new one. Might not be a bad thing to put in.

  2. Please submit all security concerns through the proper non-public channels.

    http://codex.wordpress.org/Submitting_Bugs#Reporting_security_issues

  3. chaaban
    Member
    Posted 8 years ago #

    if they have access to your account it mean you allready got hijacked , its not the fact that a user have to enter the old pass that will solve this prob .

Topic Closed

This topic has been closed to new replies.

About this Topic