Sweetcapcha hacked and causing malicious popups

Same here. Clicking on some of my links (on https://www.evamusby.co.uk) opens a new tab with adverts – mostly https://www.musixlib.com/

Thank you guys for identifying it’s from Sweet Captcha
Such a shame. It really did a great job of preventing spam comments and it looked friendly too. De-installing it now.

If you want a pretty solid way at preventing spam look at ZBblock. It’s a PHP script that you hook to WordPress that uses the stop forum spam list.

Wow same thing was happening to me. I cannot believe Sweet Captcha did this. Unfortunate. Now to find a replacement.

I’m giving this one a try. WP-SpamShield Plugin for WordPress –

Thank you Ambershay. I am trying this now. Yesterday I replaced Sweet Captcha with Math Captcha and already have 70 spam comments. So glad to try something else.

Just got an E-mail from Sweetcaptcha asking why I stopped using the plugin. I told them they inserted malicious java script code in their plugin and to F off! What idiots! Didn’t WordPress remove their plugin already?

Also got an email asking why i stopped using it. Interesting that they know that??? Hum… What else do they know?

Had the same issue.

Website is registered with https://www.godaddy.com

Might be worth putting a complaint into them.

I’m using Geekstorge as my host and told him about this and that night they initiated a script to inform anyone using that plugin.

To add to everyones worries WordFence security has just shown me hackers are trying to hook in and use SweetCaptcha javascripts to get access to my site…

So it it isn’t the plugin itself, it’s the presence of the plugin that is increasing exposure.

Same issue here…I have removed the plugin from every one of my sites and client sites…I sent them an email and never heard a word back…also they have not really updated the plugin in a while, so I should have known…sad that they had to resort to doing something like this…

I tried to delete or remove my account from their server, you can’t.

I sent an email demanding they delete my account, got nothing back except an automated message saying they “care” and will be in touch in 48 hours – yeah right.

I sent another message requesting the account be deleted, again no answer.

But I did get an email like @cassel @the One asking why the plugin isn’t being used anymore.. shows they are tracking the API key.

Goodbye SweetCaptcha. I have deleted all their plugins on sites I run. I have let the WordPress community that I am in touch with know to not trust these guys. I wasted hours on this and deleted some genuine plugins thinking they might be the cause.

A couple of months now on using WP-SpamShield instead of SweetCaptcha, and I am delighted. Not a single bit of spam, and the user doesn’t even have to type in a captcha.

I just had this issue today on my website. This has not been resolved. Mine started showing up after an update from the plugin list. This plugin is no longer listed in WordPress. Do not use it!