Title: Security Issue… Last modified: July 4, 2017 --- # Security Issue… * Resolved [JJNW](https://wordpress.org/support/users/jjnw/) * (@jjnw) * [8 years, 11 months ago](https://wordpress.org/support/topic/security-issue-77/) * I noticed on line 434 in admin-custom-login.php there is a`$settings = json_decode( file_get_contents( $import_file ) );` which I believe could allow someone to inject code remotely. Can anyone expand on this? * I commented out the line to ensure security, and found no issues yet with doing this. Any guidance or advice would be appreciated. Viewing 1 replies (of 1 total) * Plugin Author [Weblizar – WordPress Themes & Plugin](https://wordpress.org/support/users/weblizar/) * (@weblizar) * [8 years, 11 months ago](https://wordpress.org/support/topic/security-issue-77/#post-9289520) * Hi Jjnw, * The plugin has Import & Export setting like when you migrate your site from old to new. Then you don’t need to configure all plugin settings again. * Just export the setting for old server, the server makes a JSON file of setting. Then go to new server import the JSON file to get all your previously saved configurations. * That’s it. * **Note:** Only admin allow to do this, no one can hit this line of code coz it’s the part of a function. And this function run only when admin triggers this action manually. * Hope you understand. * Thanks for using this plugin, your feedback is really appreciated. 🙂 Viewing 1 replies (of 1 total) The topic ‘Security Issue…’ is closed to new replies. * ![](https://ps.w.org/admin-custom-login/assets/icon-256x256.png?rev=1121656) * [Admin Custom Login](https://wordpress.org/plugins/admin-custom-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/admin-custom-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/admin-custom-login/) * [Active Topics](https://wordpress.org/support/plugin/admin-custom-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/admin-custom-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/admin-custom-login/reviews/) * 1 reply * 2 participants * Last reply from: [Weblizar – WordPress Themes & Plugin](https://wordpress.org/support/users/weblizar/) * Last activity: [8 years, 11 months ago](https://wordpress.org/support/topic/security-issue-77/#post-9289520) * Status: resolved