Sweetcaptcha Wordpress Plugin deliberately creates popups
For a little while, I’ve been surprised by popups on my blog site dpod.kakelbont.ca (tl;dr: they don’t happen any more because I removed the SweetCaptcha plugin).
I’m not quite sure the contexts in which I’d been seeing them, but for whatever reason I thought they were coming as an artefact of something else: a bottom banner on my cellphone that I was accidentally touching or something similar.
But today it became clear that there really was Something Amiss. When I checked on both Chrome and Firefox, it was happening the first time I clicked on any page link in my site. It took a little while googling for a solution (turns out a lot of people want popups to appear in their Wordpress sites and most things I found were about how to make them happen).
I found a few sites that promoted malware removal programs that suggested it was local system malware (not likely, since I was on Linux and Android and this was pan-machine and affecting only one site).
I found a few that suggested it might be a rogue plugin (again not likely since it was occurring in multiple different browsers on multiple operating systems and only on the one site).
Finally I found this security company blog describing the problem and this discussion on a Wordpress forum.
The funny thing was, I didn’t actually think that the app was that great (it works by making users drag an image to another one [e.g. bread to an ant] before they can sign in, but it doesn’t work on touchscreen UIs). I’d left in in place out of laziness.
Now that it is gone, however, the problem has disappeared.
The real issue here is that redirecting like this seems to have been part of their business model. Wordpress apparently removed their app from the store a year ago or so, but they haven’t automatically disabled it, even through several updates. Really, Wordpress also has an obligation to let others know when they find something like this out.