CMS dangers: Plugins. This episode – Sweet Captcha
First, an apology for anyone who recently visited this site and found themselves bombarded with pop-up ads or alarmist claims that they’d contracted viruses. I’m incredibly sorry. A plugin that I use(d), SweetCAPTCHA, is now injecting pop-ups in what appears to be an attempt to monetize their plugin.
Now, whether SweetCAPTCHA’s been compromised (I don’t think so) or has turned to nefarious means to try to fill their coffers (ding ding!), the ease with which this happened should set off alarm bells for CMS users everywhere (after all, SweetCAPTCHA’s not WordPress specific). I’ve been absolutely guilty of thoughtlessly hitting the “upgrade” link on plugins, especially on sites of my own. I’m a bit more cautious with client sites after having been bitten more than once by an upgrade that rendered inoperable an important plugin, but I’d be lying if I didn’t admit that sometimes I don’t do sufficient research before and adequate QA after some upgrades. And that leads to a night like tonight, logging into all my personal and client sites in a panic to see who had SweetCAPTCHA installed and activated (thankfully no clients – only this site and one other personal site).
Plugins are third party. They’re dangerous. We’re trusting them to do what they say they do and nothing more. And we’re placing that trust in them again and again each time we agree to an upgrade. We need to be careful.
So again, I sincerely apologize. This site doesn’t get a whole lot of traffic, but the traffic it does get is mostly people looking for help. Every time I receive an email or comment from someone telling me this little site of mine has helped them it makes me a bit warm inside. That SweetCAPTCHA hijacked my little warmth-generating site to take advantage of its visitors pisses me right the fuck off.
Read more about SweetCAPTCHA’s shitty new business model here and here.