Tuesday, July 22, 2014
Home > Others > A huge security issue with wordpress and how to tackle it.

A huge security issue with wordpress and how to tackle it.

This post is only meant for people who use wordpress or those who are interested in starting wordpress based website or a blog. WordPress is an amazing and highly user friendly platform, creating and developing a website is nothing more than creating and formatting a word document. After the stable release of 2.7 series in wordpress the new version of 2.8 came out.

Though the admin panel of this version is really good and easy to use than the older versions, there was a very serious security lapse.  Anyone can reset the admin password and start to play around with your site, the bigger your site is, more vulnerable it is.

Now few may have the experience of losing their password and recovering from the “Forgot password” option in wordpress. Here the problem is if a hacker is resetting the password, then you cannot recover it that way.

How a hacker can do this? Anyone can reset the password by the following url in the browser URL (http://www.domain.com/wp-login.php?action=rp&key[]=). Instead of domain.com they will type in the domain name of the victim. This will reset the password and can never be retrieved by the conventional way.

The way out:

How to overcome if you come across such an issue?

This can be done using phpMyAdmin. If you are having a hosting with cpanel, you have direct access to phpMyadmin through the Control Panel, and if you host is not having this feature (most of them have, but if you are running your site through a free host then you may need a script). phpMyAdmin is just a PHP script, and the purpose of it is to administer all your mysql databases. Since all you files, your settings, posts, comments, web content and passwords are saved in the databases, you can have direct access to those through phpMyAdmin.

If you are a CPanel User, all you need to do is click on the phpMyAdmin icon and go to your admin panel. Select the database of your wordpress site. There in the left side bar, there will be an option named wp-users. In that lookout for admin (it will be in the user login column) and click on the edit button (to identify the edit button, lookout for a pencil shaped icon). Now edit the  wordpress admin password

The next row which is the user_password row, change the value to 5f4dcc3b5aa765d61d8327deb882cf99 and then click the Go button.

Yeah, You have now successfully reset the password. Now to access your backend, go to

www.yourdomainname.com/wp-admin

and then give the following username and password.

Username: admin

Password: password

Now you know what you have to do. Yes, reset the password, go to Users à Your Profile à Set a new password.

How to prevent similar problems from happening again? Simple, update your wordpress. The 2.8.5 version is stable and the security issue has been fixed. Login in to your wordpress site and check immediately if  you have the latest version of wordpress, if not update it immediately. It is very easy to update (at the top of your admin panel you will get a notification reading update your site to wordpress 2.8.5, all you need to do is click on the link and wordpress will update itself).

Happy Blogging.

About Ajithkumar

I am Ajithkumar. An entrepreneur and a karma yogi, who lives by the principles of Mark Twain; who said "Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did do". So I do Whatever I feel like with a willingness to accept responsibility for my actions. Connect with me on Google+
Copy Protected by Chetans WP-Copyprotect.