Support » Plugin: Contact Form 7 » The plugin that sabotaged itself

  • This was a brilliant plugin that my company had been using on dozens of sites for many years without any issues at all – it just worked. It was so good at stopping spam that we never had to worry. Then one fateful day, the developer pushed a devastating update that broke spam filtering all at once, for everybody. The poorly handled rollout of this update has caused myriad problems for countless site owners. Rather than allowing the old methodology and the new to live side-by-side and let people migrate over at their own pace, reCAPTCHA v2 was removed completely (including keys from the database) in favor of v3, leaving every updated site wide open to attack by default. Worse, v2’s removal was not disclosed anywhere in the changelog. If you hadn’t been paying very close attention, you wouldn’t have even known to upgrade to v3 keys at all.

    Even after you enter v3 keys, most sites still get hit with massive amounts of spam, with the added detriment of having a Google advertisement prominently displayed in the lower right-hand corner of every page, often overlapping essential website content. This was placed there without notification or consent. It just shows up once you insert v3 keys into the plugin.

    The author so far does not seem to be considering the addition of v2 support back into the plugin, even going so far as to say that v3 is a “great masterpiece”. I guess we’ll have to wait and see.

    In short, this was a great plugin that grew to over 5 million installs for very good reason. Then the author sabotaged the plugin with the aforementioned update and undermined trust. I hope the author rights the ship before it’s too late. I’d love to have a reason to update this review to reflect the many positive aspects about this plugin, but in its present state, I cannot recommend it in good faith.

    EDIT: Running CF7 along with the “Advanced noCaptcha & invisible Captcha” plugin makes this a viable plugin again by adding makeshift support for reCAPTCHA v2, for the time being. Also, there is a new update that fixes some of the v3 leakage, but the invasive Google badge remains and native v2 support is still left out in the cold.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Correct. It is unbelievable the arrogance of them to make a move like that. Without any real testing apparently. Then to make a statement basically telling the users to buzz off when they ask for the old version back. We have been spending many hours deleting Contact Form 7 and replacing it with WPForms. I have found this plug-in to be a suitable replacement.

    The author of Contact Form 7 basically cost my company a minimum of $500 for all the work put into changing these plug-ins.

    ciantic

    (@ciantic)

    “The plugin that sabotaged itself”

    I love the title. It’s like commencing a divide and conquer tactic on your own product. I wonder, does @takayukister read these support messages?

    This plugin is just a tool for most, and it worked absolutely great for years, precisely because it had backwards compatibility!

    I’m also having serious trust issues at this point.
