Important Security Update for WordPress: Now 2.8.4

August 12, 2009

There’s an important security update for WordPress: it fixes a vulnerability that allows an attacker to reset your admin password. Better upgrade.

It isn’t a big problem in the sense that your new password is emailed to the email account you used when you set up WP, but it can be very annoying. I’m not sure if protecting your WordPress admin directory will help you, since the vulnerable wp-login.php script is outside that directory, so it’s better to just upgrade.