Do you have multiple Wordpress self-hosted blogs? If so, you've likely run into a scenario where you just can’t remember your password. With Wordpress 2.5 and 2.5.1 there’s an annoying bug that sometimes generates passwords that don't work when you click the "Forgot Password" option. [...] Wordpress resets the password internally (in the MySQL database) but the link that it sent you to activate that password fails to connect with the database effectively locking you out of your blog. In this scenario, at least for me, all the potentially viable solutions lead to dead ends.

His six step process involves an external script (use with caution, especially before you read the source) that reaches into your WordPress install and updates your admin account and sends out an email with the resulting password.

If you're a wordpress power user, you'll inevitably have some questions about how you can improve your blog or add new features. Here are five tips that will make life easier for people wanting to maximize their use of Wordpress.

The list is:

• Quickly Find Page/Post ID
• Custom Front Page
• Password Protect Wordpress
• Protect from the 'Digg Efect' with HTML
• Stop Hackers

Each of them with their own explanations (and links to other resources detailing how they're done).

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.

I just wanted to document this for easy future reference but if you don't want to hook up a complex user adminstration with authorization components, you can simply specify that the admin path be password protected in either your .htaccess file or in your httpd.conf.

This method is actually one of the built-in methods Apache has for restricting access (http authentication) that he's placed on his "/admin" directory. Call htpasswd to create the password file and you're all set to go.