Title: ikeif's Replies | WordPress.org

---

# ikeif


## Forum Replies Created

Viewing 5 replies - 1 through 5 (of 5 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) | In reply to: [[Limit Login Attempts] [BUG] Refresh = Login Attempt](https://wordpress.org/support/topic/bug-refresh-login-attempt/)
 *   [ikeif](https://wordpress.org/support/users/ikeif/) (@ikeif), [11 years, 8 months ago](https://wordpress.org/support/topic/bug-refresh-login-attempt/#post-4923520)
 * I would suggest whitelisting your IP address as the simplest solution.
 * From the example code:
 *     ```
       function my_ip_whitelist($allow, $ip) {
         	return ($ip == 'my-ip') ? true : $allow;
        }
        add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
       ```
   
 * or, as in my case, if you have an array:
 *     ```
       $ips = array("191.0.0.1", "192.0.0.2");
       function my_ip_whitelist($allow, $ip) {
        	return (in_array($ip, $ips) ? true : $allow;
       }
       add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
       ```
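
A fuller version of the whitelist callback from the reply above, added here as an example (it is not the poster's code and not part of the Limit Login Attempts plugin): it keeps the allow-list in function scope rather than a global, validates the address it is handed, and accepts IPv4 CIDR ranges alongside exact IPv4/IPv6 addresses. The `lla_` helper names and the documentation-range addresses in `LLA_ALLOWED` are constructed placeholders.

```php
<?php
// Added example (not the poster's code and not part of Limit Login Attempts): a
// callback for the plugin's `limit_login_whitelist_ip` filter that keeps its
// allow-list in function scope, validates the address, and accepts IPv4 CIDR ranges.

// Constructed placeholder allow-list (documentation ranges); replace with your own.
const LLA_ALLOWED = array('203.0.113.10', '2001:db8::1', '198.51.100.0/24');

/** True when $ip exactly matches an entry of $list, or lies in an IPv4 CIDR entry. */
function lla_ip_allowed($ip, array $list) {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // malformed or empty input never matches anything
    }
    $packed = inet_pton($ip); // binary form: "::1" and "0:0:0:0:0:0:0:1" compare equal
    foreach ($list as $entry) {
        if (strpos($entry, '/') === false) {
            if (filter_var($entry, FILTER_VALIDATE_IP) !== false && inet_pton($entry) === $packed) {
                return true;
            }
            continue;
        }
        list($net, $bits) = explode('/', $entry, 2);
        if (!ctype_digit($bits) || (int) $bits > 32
            || filter_var($net, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
            || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            continue; // only well-formed IPv4 ranges are handled; anything else is skipped, never matched
        }
        $bits = (int) $bits;
        if ($bits === 0) {
            return true; // 0.0.0.0/0 covers every IPv4 address
        }
        $shift = 32 - $bits; // keep only the top $bits bits of each address, then compare
        if ((ip2long($ip) >> $shift) === (ip2long($net) >> $shift)) {
            return true;
        }
    }
    return false;
}

function my_ip_whitelist($allow, $ip) {
    // Only widen the plugin's decision: a listed address is always allowed; anything
    // else keeps whatever $allow the plugin (or an earlier filter) already decided.
    return lla_ip_allowed($ip, LLA_ALLOWED) ? true : $allow;
}
add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
```

The `$ip` argument is whatever client address the plugin resolved, so the allow-list is only as trustworthy as that source: if the site sits behind a reverse proxy and the plugin is configured to read the address from a proxy header, make sure that header can only be set by your proxy.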
   
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) | In reply to: [[Limit Login Attempts] Plugin hacked](https://wordpress.org/support/topic/plugin-hacked-1/)
 *   [ikeif](https://wordpress.org/support/users/ikeif/) (@ikeif), [11 years, 8 months ago](https://wordpress.org/support/topic/plugin-hacked-1/page/3/#post-4581809)
 * Alright ladies and gents – I’ve scoured through the code, and I’ve had a couple
   others scour through the code and the code looks good. Nothing makes it seem
   viable as a point of entry or a cause/source of a hack (so it’s possible it was
   a security issue on the server, or in WordPress itself).
 * I’ve reinstalled the plugin, and am back to blacklisting the people that attempt
   to brute force logins against my sites.
 * I’m working on a couple upgrades to it as well, as time allows.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) | In reply to: [[Limit Login Attempts] Plugin hacked](https://wordpress.org/support/topic/plugin-hacked-1/)
 *   [ikeif](https://wordpress.org/support/users/ikeif/) (@ikeif), [11 years, 9 months ago](https://wordpress.org/support/topic/plugin-hacked-1/page/2/#post-4581801)
 * As one of the original people reporting this from the plugin “being hacked” –
   this isn’t “malicious rumors” but “cause for concern.” As the WordPress API has
   been updated repeatedly, and the plug-in has not in two years, it creates the
   cause for concern that it may be using insecure or deprecated methods that can
   create the potential for it to be targeted and hacked.
 * Two independent users (myself and igloobob) encountered this issue. I have emails
   from a third party notifying me of the breach:
 * > You may view the external back link by looking at the source of the page.
   >
   > Please know that we rectified the infection by having <http://www.sucuri.net/>
   > disinfect our blog and the infected pages. In order to assist you, we have
   > provided you with information and coding below if your blog or site has been
   > impacted by the infection spread by these hackers:
   >
   > ======================================================
   >
   > Infection got through:
   >
   > ./blog/wp-content/plugins/limit-login-attempts-S/limit-login-attempts.php
   >
   > The .php file contained the following malicious code loading lots of .html
   > files (~ 184 files) within the directory
   > ‘./blog/wp-content/plugins/limit-login-attempts-S/scripts/’:
   >
   > ======================================================
   >
   > ```
   > $rand_dir=array_rand($dir,3);
   > foreach($rand_dir as $t_num) {
   >     echo '<a href="'.home_url().'/?pid='.$dir[$t_num].'" target="_blank">'
   >         .str_replace('.html','',str_replace('-',' ',$dir[$t_num])).'</a>';
   > }
   > ```
   >
   > ======================================================
   >
   > We have taken this attack on our website blog from these hackers very seriously.
   > We suggest that you forward this letter to the appropriate individual who handles
   > the technical and security issues with regard to your website.
   >
   > It is our understanding in addressing this issue with our webmaster and security
   > team that by removing the above coding as well as the html files within the
   > script directories, any potential risk or exposure to your site from these
   > hackers should be alleviated.
 * So I think it’s a bit presumptuous to say “the plugin doesn’t suffer from a security
   breach and is safe to use” if you are not performing a full code and security
   audit on it, and then pushing blame on other plugins.
 * You *could* be correct. Or you could be very incorrect, asserting a false assumption,
   and the plugin needs updating.
 * Personally, I’m reviewing the code to see if I can update it myself, as time 
   permits, but as I’m not the author, it is not a priority of mine (and as it is
   a free plugin, I don’t expect johanee to make it a priority, either).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) | In reply to: [[Limit Login Attempts] Plugin hacked](https://wordpress.org/support/topic/plugin-hacked-1/)
 *   [ikeif](https://wordpress.org/support/users/ikeif/) (@ikeif), [12 years, 3 months ago](https://wordpress.org/support/topic/plugin-hacked-1/#post-4581721)
 * I was using 1.7.1
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) | In reply to: [[Limit Login Attempts] Plugin hacked](https://wordpress.org/support/topic/plugin-hacked-1/)
 *   [ikeif](https://wordpress.org/support/users/ikeif/) (@ikeif), [12 years, 3 months ago](https://wordpress.org/support/topic/plugin-hacked-1/#post-4581718)
 * Yup – I had to delete it as well, I had a bunch of html files (including those
   you mentioned) added, and a third party contacted me tracing the link jumps.
 * I don’t know if this will get straightened out, but I’m looking at alternatives
   now.
 * I was sent this:
 * > Infection got through:
   >
   > ./blog/wp-content/plugins/limit-login-attempts-S/limit-login-attempts.php
   >
   > The .php file contained the following malicious code loading lots of .html
   > files (~ 184 files) within the directory
   > ‘./blog/wp-content/plugins/limit-login-attempts-S/scripts/’:
   >
   > ======================================================
   >
   > ```
   > $rand_dir=array_rand($dir,3);
   > foreach($rand_dir as $t_num) {
   >     echo '<a href="'.home_url().'/?pid='.$dir[$t_num].'" target="_blank">'
   >         .str_replace('.html','',str_replace('-',' ',$dir[$t_num])).'</a>';
   > }
   > ```
   
