SweetCaptcha – WordPress Adware Vulnerability Alert

A popular captcha plugin has recently been added to the WordPress “do not use” list.  Sweet Captcha, a captcha plugin for WordPress as well as other CMS systems, has been removed from the WordPress repository after being confirmed as packaging adware within it’s newest released plugin.  If you have the plugin installed, we highly recommend disabling and removing the plugin from your WordPress install.  If you are a WP Cover member, we immediately notified you of the situation probably before you even realized it.  We offered recommended courses of action and alternative plugins to use in Sweet Captcha’s place.

This is just further reason to deeply consider what and how many plugins you want to utilize on your WordPress site.  We always recommend using as few plugins as necessary to get the job done and using paid or premium plugins whenever possible.  While this will never guarantee you complete security, it is a step in the right direction.  Finally, pick up a WP Cover security plan today, we monitor your site & plugins 24×7 so when issues arise, we’re here to fix them, probably before you realize they are an issue.

Update

Following this post and having removed Sweet Captcha from over 50 websites over the last two weeks, we started receiving lots of emails from Sweet Captcha’s team, asking for the reason we remove the plugin from so many install?  Pretty funny that they would even ask when the answer was obvious.  When you are completely removed from the WordPress repository, end up on Sucuri’s security blog, your not going to be receiving any plugin of the year awards.