A site that I manage was hacked a few days ago, apparently using a password exploit. I found an entry in the web server logs showing a POST request for /wp-login.php?action=lostpassword, that I’m sure was unauthorized.
I am running 3.01 and, although the theme is old, all plugins are up to date. Does anyone know if there is a current password exploit and how it can be prevented?
- The topic ‘Password Exploit in 3.01’ is closed to new replies.