The WordPress team have just announced the public release of version 4.3 of the massively popular blogging and content management software.

While there are some interesting new usability features, the WordPress team have also released a new security feature that deals with the way passwords are reset.

The new and improved approach to managing password resets sends users who need to reset their password a reset link with a 24-hour expiry window, instead of sending them a password via email. Users will now also receive e-mail notifications in the event that an e-mail address or password is changed.
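
The sketch below is an added illustration of an expiring, single-use reset link of the kind described above; it is not WordPress core code. The function names, the in-memory `$store` array standing in for the user table, and the timestamps are all hypothetical and constructed for the example.

```php
<?php
// Added illustration, not WordPress's implementation. All names are hypothetical.
const RESET_TTL = 86400; // 24-hour expiry window, as described in the article

// Issue a token: the raw value goes into the emailed link. Only its hash and
// the issue time are stored, so a leaked table does not yield usable links.
function issue_reset_token(array &$store, string $user, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $store[$user] = ['hash' => hash('sha256', $token), 'issued' => $now];
    return $token;
}

// Redeem a token: reject unknown users, expired tokens and mismatches.
// A token is deleted on success so the same link cannot be replayed.
function redeem_reset_token(array &$store, string $user, string $token, int $now): bool
{
    if (!isset($store[$user])) {
        return false;
    }
    $entry = $store[$user];
    if ($now - $entry['issued'] > RESET_TTL) {
        unset($store[$user]); // expired: remove the stale entry
        return false;
    }
    // hash_equals() compares in constant time to avoid a timing side channel.
    if (!hash_equals($entry['hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$user]);
    return true;
}

// Constructed demo data: an array stands in for persistent storage.
$store = [];
$t0 = 1439856000; // constructed timestamp
$tok = issue_reset_token($store, 'alice', $t0);
var_dump(redeem_reset_token($store, 'alice', 'wrong', $t0 + 60));  // wrong token
var_dump(redeem_reset_token($store, 'alice', $tok, $t0 + 3600));   // valid, inside the window
var_dump(redeem_reset_token($store, 'alice', $tok, $t0 + 3700));   // replay of a used link
$tok2 = issue_reset_token($store, 'alice', $t0);
var_dump(redeem_reset_token($store, 'alice', $tok2, $t0 + RESET_TTL + 1)); // past 24 hours
```

Unlike a password sent by email, a link handled this way stops working once it has been used or the window has passed, so an old message sitting in a mailbox is of no use to whoever reads it later.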

In addition, when new users are added to a WordPress site running 4.3, WordPress will automatically generate a secure password for that user. This means that users start out with a strong password by default and then have the option to keep it or change it. A password strength meter helps users gauge the strength of their chosen password, and there is also an option to hide the password from prying eyes while setting it.

While these may seem like minor features, weak passwords continue to be an issue amongst WordPress users. With an ever-increasing rate of password guessing attacks targeting the WordPress ecosystem, features that help users create secure passwords and better maintain their account’s security are always welcome.

It is strongly suggested that you stay up to date with the latest WordPress releases. You can find more information on how to update your WordPress installation and why it’s important here.

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.