• Mike Challis

    (@mikechallis)


    I am the original author of SI CAPTCHA for WordPress. This plugin had a new owner in June 2017 with a WP user profile name “fastsecure”. The new owner attempted to put code in several of his newly acquired WordPress plugins that would connect to a 3rd party server he also owned and place spam ads for payday loans and such in the WP posts.

    The new owner put spam code in versions 3.0.1 and 3.0.2 but it failed to display any spam because he put the code in the secureimage.php file. The malicious code required WordPress libraries to also be loaded to execute. The reason the spam code did not do anything at all is because the secureimage.php file is not included in the WordPress run time environment. The secureimage.php file is included from another file securimage_show.php that loads the captcha image directly from html img src outside of the WordPress run time. The spam code in this plugin was never activated, it would not have corrupted your posts or changed anything in the WordPress database.

    I am sorry for any inconvenience this has caused. I never expected that this would happen. The plugin was taken off the WordPress repository by WordPress staff until this can be sorted out. Perhaps a new version will soon be published. I might be able to restore my Contributor status. In the meantime it should be advised to deactivate or uninstall the plugin.

    Mike Challis

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    I have released a clean version of this plugin, with the malicious code removed.

    Version 3.0.3 is clean, and has the various changes from the new owner backed out. You can safely upgrade to it through the normal process.

    This plugin will not be relisted in the Plugin Directory, nor will it receive any further updates. I recommend finding an alternative plugin for your future needs.

    MissKitty9470

    (@misskitty9470)

    So I should delete this plugin and find a replacement? I wanted to update to 3.0.3, and tried to view the changelog from WP dashboard but getting an error message (“Something Went Wrong…”)

    mbrsolution

    (@mbrsolution)

    @misskitty9470, my advice to you is to find a replacement as soon as possible. This plugin is no longer supported here in WordPress repository.

    Kind regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Where did the plugin go?’ is closed to new replies.