Incorrect “Widget Logic team security recommendation”

niska
(@niska)

9 years, 3 months ago

I get this message at the top of all my admin-pages:

“Widget Logic team security recommendation: It appears your site might NOT be currently protected against login attacks. This is the most common reason admin login gets compromised. We highly recommend installing Limit Login Attempts Reloaded plugin to immediately prevent this.”

Why does Widget Logic give me this info? Is it some kind of scam? I don’t want to install Limit Login Attempts Reloaded. I already have very good protection against login attacks…

Viewing 15 replies - 1 through 15 (of 19 total)

1 2 →

Thread Starter niska
(@niska)

9 years, 3 months ago

Never mind. I deleted Widget Logic plugin. Problem solved 🙂

mdotk
(@mdotk)

9 years, 3 months ago

Yup that fixes it. What a joke. Developers turned spammers.
Gytis Repečka
(@kelmas)

9 years, 3 months ago
Well you can cleanup it yourself – see lines 45-62 in widget_logic.php:
```
	if ( is_admin() )
	{
		if ( get_option('widget_logic_version') != WIDGET_LOGIC_VERSION )
			widget_logic_activate();

		if ( !file_exists(WP_PLUGIN_DIR.'/limit-login-attempts-reloaded') && current_user_can('install_plugins')  )
		{
			$promo = (array)get_option( 'wpchefgadget_promo', array() );
			if ( empty( $promo['limit-login-attempts'] ) )
			{
				add_action( 'admin_notices', 'widget_logic_promo');
				add_action( 'network_admin_notices', 'widget_logic_promo');
				add_action( 'wp_ajax_wpchefgadget_dissmiss_promo', 'widgel_logic_dissmiss_promo' );
				add_action( 'admin_enqueue_scripts', 'widget_logic_promo_scripts' );
			}
			//enqueue admin/js/updates.js
		}
	}
```
emilitingo
(@emilitingo)

9 years, 3 months ago

yes. Developers turned spammers.

Gytis Repečka
(@kelmas)

9 years, 3 months ago

Unfortunately that is very common nowadays with old WordPress plugins that already has large user base 🙁

netzgestaltung
(@netzgestaltung)

9 years, 3 months ago

what the hack?
netzgestaltung
(@netzgestaltung)

9 years, 3 months ago
@kelmas

there seems to be 3 more spam functions in it ‘widget_logic_promo’, ‘widgel_logic_dissmiss_promo’ (note the typo) and ‘widget_logic_promo_scripts’.

what a cheap way forcing spam to 300000 admin users with a missleading security message
- This reply was modified 9 years, 3 months ago by netzgestaltung.
emilitingo
(@emilitingo)

9 years, 3 months ago

Uninstalled.

And I install this: Widget Options

Stanislav Khromov
(@khromov)

9 years, 3 months ago

I have notified [email protected] about this. It will hopefully be resolved soon.
champlainrac
(@champlainrac)

9 years, 3 months ago
Also uninstalled due to this new spam message.
- This reply was modified 9 years, 3 months ago by champlainrac.
Stanislav Khromov
(@khromov)

9 years, 3 months ago

According to ww.wp.xz.cn, this is acceptable practice, so the plugin will stay as-is. 🙁

netzgestaltung
(@netzgestaltung)

9 years, 3 months ago

well so maybe i will fork it in the next days and make my own of it without commercials.

almone
(@almone)

9 years, 3 months ago

I did the same!
Thank you for your suggestion 😉

Jon Brown
(@jb510)

9 years, 3 months ago

`
remove_action( ‘admin_notices’, ‘widget_logic_alert’);
remove_action( ‘network_admin_notices’, ‘widget_logic_alert’);
remove_action( ‘wp_ajax_wpchefgadget_dismiss_alert’, ‘widget_logic_dismiss_alert’ );
remove_action( ‘admin_enqueue_scripts’, ‘widget_logic_alert_scripts’ );
`

This is typical abuse of the admin_notices hook when a plugin gets taken over by a new author that probably bought it just for this purpose.

Gytis Repečka
(@kelmas)

9 years, 3 months ago

Instead of using remove_action you can just comment the code which adds action 😉