Sweet Captcha Plugin Issues
My domain master and I started to notice a few weird things happening over the last couple of weeks.
Ads popped up when we were in 1 or 2 WordPress sites. Randomly!?
I saw the link flash before my eyes with the words ‘clksdeals’ … Too fast to catch much more.
Then, after today’s round of WP version auto updates, my domain master had 1 or 2 white screens when logging into a site.. or error messages.
After doing due diligence and some sleuthing, he found the culprit!
The Plugin “Sweet Captcha”.
Turns out a few other people had problems too:
We found these Posts from June 2015.
“SweetCAPTCHA Service Used to Distribute Adware ”
Sadly Blog. Sucuri revealed this:
“Could it be that the sweetCAPTCHA site was compromised and hackers injected that clktag .com code into their scripts?
But there seems to be another explanation.
5.2 You acknowledge that within the sweetCAPTCHA service and/or sweetCAPTCHA API, There might be included 3rd party content which will be displayed for the purpose of user interaction. This content might include but will not be limited to ads, banners, links, search engine input fields and etc.
This explains the use of an ad script in CAPTCHA and why they provide this service for free”
Who said ” This plugin was supposed to prevent spam comments by using its unique image matching and lively texts. But, the makers of this wordpress plugin betrayed our trust by installing a malicious script from clkdeals.com (one of the worst adware distributors)”
Moral of the Story?
Deactivate and delete immediately if you have the ‘Sweet Captcha’ Plug in installed on your WordPress site and remember.. you always have to check Plugins and see if they are supported and what else MAY be happening out there.