Title: Backdoor?
Last modified: December 20, 2017

---

# Backdoor?

 *  [Rik0399](https://wordpress.org/support/users/rik0399/)
 * (@rik0399)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/)
 * Hi,
 * So I read the report that this plugin had a backdoor and was removed from the repository.
 * Since then, was it restored after the backdoor code was removed?
 * So the question is, if this were the case, why have we not had a plugin update
   message?
 * Is it now safe to use or not?
 * Many Thanks

Viewing 9 replies - 1 through 9 (of 9 total)

 *  [Peter](https://wordpress.org/support/users/hardpeter4u/)
 * (@hardpeter4u)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9797837)
 * Yes, what about the backdoor? Has it been removed????
 *  [cjc1867](https://wordpress.org/support/users/cjc1867/)
 * (@cjc1867)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9797959)
 * I still wouldn’t trust it, why was it there in the first place?
 *  Thread Starter [Rik0399](https://wordpress.org/support/users/rik0399/)
 * (@rik0399)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9797967)
 * Hi
 * Don’t get me wrong, saves me a ton of time with hackers, bots etc
 * But come on WP, are you not checking/verifying plugins before you add them to
   the repository?
 * Awaiting your confirmation on the safety of this plugin before I continue to 
   use it please.
 * Many Thanks
 *  [SongofHannah](https://wordpress.org/support/users/songofhannah/)
 * (@songofhannah)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9797977)
 * I can’t believe this plugin is still available after it’s been proven to have
   a malicious backdoor. Very odd.
 *  [David](https://wordpress.org/support/users/vanguardbookkeeping/)
 * (@vanguardbookkeeping)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798012)
 * There are links between this plugin and Mason Soiza – who buys plugins to repurpose
   them.
    [https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/?utm_source=list&utm_medium=email&utm_campaign=121917](https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/?utm_source=list&utm_medium=email&utm_campaign=121917)
 * You should avoid touching anything related to him, including these, which have
   the same back-door code:
    – Covert me Popup
    – Death To Comments
    – Human Captcha
    – Smart Recaptcha
    – Social Exchange
 * [https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/?utm_source=list&utm_medium=email&utm_campaign=091317](https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/?utm_source=list&utm_medium=email&utm_campaign=091317)
 *  [Adam](https://wordpress.org/support/users/adamlachut/)
 * (@adamlachut)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798023)
 * [@rik0399](https://wordpress.org/support/users/rik0399/): the malicious code
   (backdoor) was downloaded as an ‘update’
 * [@songofhannah](https://wordpress.org/support/users/songofhannah/): v4.4.5 is
   clean (cleaned by WP Stuff)
 * A.
 *  [Joan Morci](https://wordpress.org/support/users/joanmor/)
 * (@joanmor)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798039)
 * With Adam’s permission I will complete the info with a link to the original source
 * [From Wordfence…](https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/)
 * **What We’ve Done So Far**
 * As of this writing, we’ve created three firewall rules in total to protect our
   users’ sites from the backdoor installation. Premium customers received the first
   two rules on December 8th and the third one on the 14th. These rules also protect
   against the backdoor itself executing in Captcha as well as in the five other
   plugins available for download on simplywordpress.net. Free users will receive
   these rules 30 days from the original publish date via the community version 
   of the Threat Defense Feed.
 * We have also been working with the WordPress.org plugins team to get out a patched
   version of Captcha (4.4.5) that is backdoor-free. The plugins team has used the
   automatic update to upgrade all backdoored versions (4.3.6 – 4.4.4) up to the
   new 4.4.5 version. Over the course of the weekend over 100,000 sites running 
   versions 4.3.6 – 4.4.4 were upgraded to 4.4.5. They have also blocked the author
   from publishing updates to the plugin without their review.
 * **Our Recommendations**
 * We recommend that you uninstall the Captcha plugin immediately from your site.
   Based on the public data we’ve gathered, this developer does not have user safety
   in mind and is very likely a criminal actor attempting yet another supply chain
   attack. You should also ensure that you’ve enabled automatic updates within WordPress –
   that’s still one of the best ways to keep your site secure before disclosures
   like this take place. We also recommend using the Premium version of Wordfence,
   to proactively defend your site against threats like this one.
 * —
 * The most viable alternative seems: ‘[Really Simple CAPTCHA](https://wordpress.org/plugins/really-simple-captcha/)’
   (by [Takayuki Miyoshi](https://profiles.wordpress.org/takayukister#content-plugins),
   creator of ‘Contact Form 7’ and compatible with it)
 * Greetings!
 *  Thread Starter [Rik0399](https://wordpress.org/support/users/rik0399/)
 * (@rik0399)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798052)
 * Hi [@joanmor](https://wordpress.org/support/users/joanmor/),
 * Thanks for that,
 * It was a fine plugin to be sure…really impacted on those hackers and Bots…
 * DELETED!!
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798061)
 * Hello, please read the entire original post. We worked with Wordfence last week
   to clean up the plugin and pushed it out as an automatic update.
 * They explained this in their post.
 * Version 4.4.5 is safe and you probably already have the update.
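
Added example, not part of any post in this thread and not Wordfence's or WordPress.org's code: a Python check that reads the plugin header of an installed copy and places its version against the range quoted from Wordfence above (4.3.6 – 4.4.4 backdoored, 4.4.5 clean). The `captcha` directory name is taken from the plugin's wordpress.org URL; the function names and the sample header are constructed for illustration.

```python
import re
from pathlib import Path

# Version range as quoted from Wordfence in the thread: 4.3.6 - 4.4.4 backdoored, 4.4.5 clean.
FIRST_BAD, LAST_BAD, FIXED = (4, 3, 6), (4, 4, 4), (4, 4, 5)

# WordPress plugin header fields sit in a comment block at the top of the main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

# Constructed sample header, not copied from the real plugin.
SAMPLE_MAIN_FILE = """<?php
/*
Plugin Name: Captcha
Version: 4.4.4
*/
"""


def parse_header(php_source):
    """Return the header fields found in the first 8 KiB, keyed in lower case."""
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(php_source[:8192])}


def classify(version_text):
    """Place a version string relative to the range given in the thread."""
    parts = (version_text or "").strip().split(".")
    if not all(p.isdigit() for p in parts):
        return "unknown"
    v = tuple(int(p) for p in parts)
    v += (0,) * (3 - len(v))  # pad "4.4" to (4, 4, 0)
    if FIRST_BAD <= v <= LAST_BAD:
        return "backdoored"
    return "fixed-or-later" if v >= FIXED else "outside-listed-range"


def check_plugin(plugins_dir, slug="captcha"):
    """Return (version, verdict) for wp-content/plugins/<slug>, or None if absent."""
    plugin_dir = Path(plugins_dir, slug)
    files = sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []
    for php_file in files:
        fields = parse_header(php_file.read_text(encoding="utf-8", errors="replace"))
        if "plugin name" in fields:
            return fields.get("version"), classify(fields.get("version"))
    return None


if __name__ == "__main__":
    print(classify(parse_header(SAMPLE_MAIN_FILE).get("version")))
```

A "fixed-or-later" verdict only reflects the version string in the header; it does not inspect the plugin's code.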


The topic ‘Backdoor?’ is closed to new replies.


## Tags

 * [backdoor](https://wordpress.org/support/topic-tag/backdoor/)

 * 9 replies
 * 8 participants
 * Last reply from: [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * Last activity: [8 years, 5 months ago](https://wordpress.org/support/topic/backdoor-2/#post-9798061)
 * Status: not resolved