Incorrect “Widget Logic team security recommendation”

  • I get this message at the top of all my admin-pages:

    “Widget Logic team security recommendation: It appears your site might NOT be currently protected against login attacks. This is the most common reason admin login gets compromised. We highly recommend installing Limit Login Attempts Reloaded plugin to immediately prevent this.”

    Why does Widget Logic give me this info? Is it some kind of scam? I don’t want to install Limit Login Attempts Reloaded. I already have very good protection against login attacks…

Viewing 15 replies - 1 through 15 (of 19 total)
  • Thread Starter niska

    (@niska)

    Never mind. I deleted Widget Logic plugin. Problem solved ??

    Yup that fixes it. What a joke. Developers turned spammers.

    Well you can cleanup it yourself – see lines 45-62 in widget_logic.php:

    	if ( is_admin() )
	{
		if ( get_option('widget_logic_version') != WIDGET_LOGIC_VERSION )
			widget_logic_activate();

		if ( !file_exists(WP_PLUGIN_DIR.'/limit-login-attempts-reloaded') && current_user_can('install_plugins')  )
		{
			$promo = (array)get_option( 'wpchefgadget_promo', array() );
			if ( empty( $promo['limit-login-attempts'] ) )
			{
				add_action( 'admin_notices', 'widget_logic_promo');
				add_action( 'network_admin_notices', 'widget_logic_promo');
				add_action( 'wp_ajax_wpchefgadget_dissmiss_promo', 'widgel_logic_dissmiss_promo' );
				add_action( 'admin_enqueue_scripts', 'widget_logic_promo_scripts' );
			}
			//enqueue admin/js/updates.js
		}
	}

    yes. Developers turned spammers.

    Unfortunately that is very common nowadays with old WordPress plugins that already has large user base ??

    what the hack?

    @kelmas

    there seems to be 3 more spam functions in it ‘widget_logic_promo’, ‘widgel_logic_dissmiss_promo’ (note the typo) and ‘widget_logic_promo_scripts’.

    what a cheap way forcing spam to 300000 admin users with a missleading security message

    Uninstalled.

    And I install this: Widget Options

    I have notified [email protected] about this. It will hopefully be resolved soon.

    Also uninstalled due to this new spam message.

    • This reply was modified 7 years, 9 months ago by champlainrac.

    According to www.remarpro.com, this is acceptable practice, so the plugin will stay as-is. ??

    well so maybe i will fork it in the next days and make my own of it without commercials.

    I did the same!
    Thank you for your suggestion ??

    `
    remove_action( ‘admin_notices’, ‘widget_logic_alert’);
    remove_action( ‘network_admin_notices’, ‘widget_logic_alert’);
    remove_action( ‘wp_ajax_wpchefgadget_dismiss_alert’, ‘widget_logic_dismiss_alert’ );
    remove_action( ‘admin_enqueue_scripts’, ‘widget_logic_alert_scripts’ );
    `

    This is typical abuse of the admin_notices hook when a plugin gets taken over by a new author that probably bought it just for this purpose.

    Instead of using remove_action you can just comment the code which adds action ??

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘Incorrect “Widget Logic team security recommendation”’ is closed to new replies.