WordPress 2.8.3: Quick-fix for admin lock-out security problem

Problem description (in WP 2.8.3 and earlier, the admin password can be reset remotely without WordPress generating a new one, locking out the admin):

[Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

For a quick-fix, see:


i.e., in wp-login.php, replace the line

    if ( empty( $key ) )

with

    if ( empty( $key ) || is_array( $key ) )
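Why the extra is_array() test matters, shown as an added example (not code from WordPress or from the original post): PHP's empty() only reports whether a value is "empty", so a non-empty array passes the original condition. The function names and sample values below are constructed for illustration.

```php
<?php
// Added illustration; function names and sample values are constructed.

// Condition in wp-login.php before the quick-fix.
// A return value of true means the key is rejected.
function rejects_before_fix( $key ) {
    return empty( $key );
}

// Condition after the quick-fix from this post.
function rejects_after_fix( $key ) {
    return empty( $key ) || is_array( $key );
}

// Kinds of values a request parameter can hold once PHP has parsed it.
// empty() treats an array as "not empty" as soon as it has one element,
// even when that element is itself an empty string.
$samples = array(
    'missing parameter'     => null,
    'empty string'          => '',
    'ordinary string key'   => 'constructed-sample-key',
    'empty array'           => array(),
    'array with empty item' => array( '' ),
);

// Print how each condition treats each sample so the two can be compared.
foreach ( $samples as $label => $key ) {
    printf(
        "%-24s before: %-8s after: %s\n",
        $label,
        rejects_before_fix( $key ) ? 'rejected' : 'accepted',
        rejects_after_fix( $key ) ? 'rejected' : 'accepted'
    );
}
```

The only row where the two conditions disagree is the non-empty array, which is the case the quick-fix closes.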

If your WordPress installation has been hacked already, here’s an emergency password reset script you can use to reset and regenerate your admin password.

A German explanation of the security bug and how to fix it can be found on heise online:

Lücke in WordPress ermöglicht Aussperren des Admins

[Update 20090812: Now that a security update is available, users are advised to update to WordPress 2.8.4]
