Malware popup ads on your wordpress website – delete “sweetcapcha” plugin

  • by

If your website has started giving users obnoxious malware popup ads when they navigate to a new page, remove your wordpress plugin “sweetcapcha”. Its one of those plugins that is supposed to enhance security but seems to be using it as a trojan horse to deliver those ads we all hate. The “Call Tech Support NOW, you have a Virus” kind of ads.

Worse yet, I brought it to SweetCapcha’s attention giving them the full technical details, which five other users confirmed, and they have done nothing about it. This makes me actually wonder if perhaps they were not hacked as I initially suspected, but rather that it was by malicious design that this happened. In any case, they do not seem to take security seriously so I strongly recommend that you do NOT use this plugin.

Warning: Do not use wordpress plugin “SweetCapcha”

If users are presented with a drag and drop task like these when they sign up for an account on your website, then you are using the sweetcapcha plugin and it is causing your malware popups. Note: the malware popups occur on ALL pages, not just login pages!




Note to other wordpress plugin providers: If a user reports that your plugin is malware or causing malicious popup ads, do not bury your head in the sand as Sweetcapcha has done. Your response needs to be –

“OMG, we are SO sorry. This is our highest priority, we will fix that right away. We value your trust in us and will take all necessary steps to make sure that this never, ever happens again.”