Title: Security issue – admin password changed Last modified: August 19, 2016 --- # Security issue – admin password changed * Resolved [aquel](https://wordpress.org/support/users/aquel/) * (@aquel) * [16 years, 10 months ago](https://wordpress.org/support/topic/security-issue-admin-password-changed/) * Hi guys, * I’m using the latest **wordpress** version since a couple of weeks. I received today 15 emails in a very short time telling me that the admin password was changed to XXX (different password each time). I checked very quickly and indeed admin password was changed. I didn’t even try to understand I just did a “Deny from all” in Apache. THIS IS WEIRD ! There are 3 administrators in this blog: – the default “admin” account – “axel” which is me – “matt” who is a good friend of mine and he didn’t update any password. * I tried by myself to restore the password and I received a “Please confirm your choice” email which means there is a confirmation step. How come someone has changed the admin password? The admin email is mine, nobody else has the password. Isn’t there any security issue? * Cheers * PS: I use the Private WP plugin * Axel Viewing 3 replies - 1 through 3 (of 3 total) * Thread Starter [aquel](https://wordpress.org/support/users/aquel/) * (@aquel) * [16 years, 10 months ago](https://wordpress.org/support/topic/security-issue-admin-password-changed/#post-1174792) * up ! * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [16 years, 10 months ago](https://wordpress.org/support/topic/security-issue-admin-password-changed/#post-1174793) * Down. * That sounds familiar: * [http://wordpress.org/development/2009/08/2-8-4-security-release/](http://wordpress.org/development/2009/08/2-8-4-security-release/) * > Yesterday a vulnerability was discovered: a specially crafted URL could be > requested that would allow an attacker to bypass a security check to verify > a user requested a password reset. * Upgrade to 2.8.4, wp-login.php was updated (where the problem is) as well as the version numbers in wp-includes/version.php and readme.html. * Thread Starter [aquel](https://wordpress.org/support/users/aquel/) * (@aquel) * [16 years, 10 months ago](https://wordpress.org/support/topic/security-issue-admin-password-changed/#post-1174795) * Ok upgraded ! Cheers * Axel Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Security issue – admin password changed’ is closed to new replies. ## Tags * [password](https://wordpress.org/support/topic-tag/password/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [aquel](https://wordpress.org/support/users/aquel/) * Last activity: [16 years, 10 months ago](https://wordpress.org/support/topic/security-issue-admin-password-changed/#post-1174795) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics