Ok, for possibly the first time ever, I’m actually a little annoyed with the WordPress developers. WordPress 2.5.x has a known bug pertaining to users not being able to reset their passwords because of invalid links being generated. The short-term solution has been for the admin to log into the database and manually change the passwords. Trouble is, I have about 30 WordPress installations running on my server, and most of them have multiple users, all of which have needed to change their passwords (thanks to the recent hacker). I’ve been waiting and waiting for WordPress 2.5.2 to be released with a fix for the problem, and then just yesterday I saw that WP 2.6 Beta 1 is out with a 2.6 final release slated for mid-July. I guess this means that 2.5.2 is being skipped completely.
What irritates me about this is that this password reset issue has been known for weeks now, and there’s been virtually no word from the developers on it. Several guys have mentioned the manual reset fix, which, yes, I’ve already done to shore up the security holes. But when my users want to change their passwords, they have to contact me, which ends up being a hassle for all involved. It just would have been nice to have a patch released for this issue a long time ago, instead of having to wait for WP 2.6 to be released with, hopefully, a fix for the bug.