Forum Replies Created

Viewing 5 replies - 1 through 5 (of 5 total)
  • I would suggest whitelisting your IP address as the simplest solution.

    From the example code:

    function my_ip_whitelist($allow, $ip) {
        return ($ip == 'my-ip') ? true : $allow;
    }
    add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);

    or, as in my case, if you have an array:

    $ips = array("191.0.0.1", "192.0.0.2");
    function my_ip_whitelist($allow, $ip) {
        global $ips; // the filter callback runs in function scope, so pull the list in explicitly
        return in_array($ip, $ips, true) ? true : $allow;
    }
    add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
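
    As an added example (not from the post above or from the plugin itself), the same `limit_login_whitelist_ip` hook with a callback that also accepts IPv4 CIDR ranges, validates the address it is handed, and avoids the global-scope problem by capturing the list in a closure. The `$lla_whitelist` entries and the helper `lla_ip_in_cidr` are my own, and the addresses are constructed sample values.

```php
<?php
// Added example, not part of the original post or the plugin.
// Sample whitelist (constructed values): exact addresses or IPv4 CIDR ranges.
$lla_whitelist = array('203.0.113.10', '198.51.100.0/24');

// Return true only when $ip is a well-formed IPv4 address inside $cidr.
// Any malformed entry or address returns false: a parse error must never whitelist.
function lla_ip_in_cidr($ip, $cidr) {
    list($subnet, $bits) = array_pad(explode('/', $cidr, 2), 2, '32');
    $ip_long     = ip2long($ip);
    $subnet_long = ip2long($subnet);
    if ($ip_long === false || $subnet_long === false
        || !ctype_digit($bits) || (int) $bits > 32) {
        return false;
    }
    if ($bits === '0') {
        return true; // 0.0.0.0/0 matches everything; avoid a 32-bit shift
    }
    $mask = -1 << (32 - (int) $bits);
    return ($ip_long & $mask) === ($subnet_long & $mask);
}

// Capture the list by value so the callback does not depend on globals.
add_filter('limit_login_whitelist_ip', function ($allow, $ip) use ($lla_whitelist) {
    // $ip is the address the plugin passes in; only a valid IPv4 string
    // is considered, anything else falls through to the plugin's own decision.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return $allow;
    }
    foreach ($lla_whitelist as $entry) {
        if (lla_ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return $allow;
}, 10, 2);
```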

    Alright ladies and gents – I’ve scoured through the code, and I’ve had a couple others scour through the code and the code looks good. Nothing makes it seem viable as a point of entry or a cause/source of a hack (so it’s possible it was a security issue on the server, or in WordPress itself).

    I’ve reinstalled the plugin, and am back to blacklisting the people that attempt to brute force logins against my sites.

    I’m working on a couple upgrades to it as well, as time allows.

    As one of the original people reporting this from the plugin “being hacked” – this isn’t “malicious rumors” but “cause for concern.” As the WordPress API has been updated repeatedly, and the plug-in has not in two years, it creates the cause for concern that it may be using insecure or deprecated methods that can create the potential for it to be targeted and hacked.

    Two independent users (myself and igloobob) encountered this issue. I have emails from a third party notifying me of the breach:

    > You may view the external back link by looking at the source of the page.
    > Please know that we rectified the infection by having http://www.sucuri.net disinfect our blog and the infected pages. In order to assist you, we have provided you with information and coding below if your blog or site has been impacted by the infection spread by these hackers:
    > ======================================================>
    > Infection got through:
    >
    > ./blog/wp-content/plugins/limit-login-attempts-S/limit-login-attempts.php
    >
    > The .php file contained the following malicious code loading lots of .html files (~ 184 files) within the directory
    > ‘./blog/wp-content/plugins/limit-login-attempts-S/scripts/’:
    > ==================================================================================
    >
    > $rand_dir=array_rand($dir,3);
    > foreach($rand_dir as $t_num) {
    >     echo '<a href="'.home_url().'/?pid='.$dir[$t_num].'" target="_blank">'.str_replace('.html','',str_replace('-',' ',$dir[$t_num])).'</a>';
    > }
    >
    > =====================================================================
    > We have taken this attack on our website blog from these hackers very seriously. We suggest that you forward this letter to the appropriate individual who handles the technical and security issues with regard to your website.
    >
    > It is our understanding, in addressing this issue with our webmaster and security team, that by removing the above coding as well as the html files within the script directories, any potential risk or exposure to your site from these hackers should be alleviated.

    So I think it’s a bit presumptuous to say “the plugin doesn’t suffer from a security breach and is safe to use” if you are not performing a full code and security audit on it, and then pushing blame on other plugins.

    You *could* be correct. Or you could be very incorrect, asserting a false assumption, and the plugin needs updating.

    Personally, I’m reviewing the code to see if I can update it myself, as time permits, but as I’m not the author, it is not a priority of mine (and as it is a free plugin, I don’t expect johanee to make it a priority, either).

    I was using 1.7.1.

    Yup – I had to delete it as well, I had a bunch of html files (including those you mentioned) added, and a third party contacted me tracing the link jumps.

    I don’t know if this will get straightened out, but I’m looking at alternatives now.

    I was sent this:

    Infection got through:

    ./blog/wp-content/plugins/limit-login-attempts-S/limit-login-attempts.php

    The .php file contained the following malicious code loading lots of .html files (~ 184 files) within the directory
    ‘./blog/wp-content/plugins/limit-login-attempts-S/scripts/’:
    ==================================================================================

    $rand_dir=array_rand($dir,3);
    foreach($rand_dir as $t_num) {
        echo '<a href="'.home_url().'/?pid='.$dir[$t_num].'" target="_blank">'.str_replace('.html','',str_replace('-',' ',$dir[$t_num])).'</a>';
    }
