I find it kind of strange that it’s possible to change a user’s password without entering the old one. My site was hijacked a week or so ago because someone used an IE cache to log into WP, and then was able to change my passwords out from under me…
Most other software requires you to know the old password before you can change to a new one. Might not be a bad thing to put in.
- The topic ‘Password Security Hole’ is closed to new replies.