Wordfence Reports Backdoor in Captcha Plugin
Important notice for our hosting clients
Wordfence released a report regarding the Captcha plugin that is (yes, is again at this time) offered in the WordPress repository. If you are using this plugin please read the full Wordfence article here.
As long as you have updated your plugin to the latest version you are now okay. The backdoor was taken out by awesome folks at WordPress.org and they pushed out an update to the many, many affected websites. As of this writing, the rolling out of this update is likely still underway.
Although Wordfence and WordPress corrected this issue, we suggest that if you do use this plugin, you should find a replacement from another plugin author or company. We would go a step farther: do your homework and stop using any and all software that was created by the makers of Captcha.
We cannot add to Wordfence’s extensive post, and hope you take the time to read it in it’s entirety. With our understanding of the situation, we have to recommend that no plugins or software of any type by this company be used on your websites. There are many repuatable and honest plugin authors out there, writing great code and providing dynamite plugins. There is no need to use the products of those who have lost the trust of the WordPress community.
Not sure if your Captcha plugin is the one in the article? Drop us a line and we will help you. We will even implement another solution for you at no cost if you currently have a hosting account with us.