This plugin is no longer supported

I (Mike Challis) am the original author of Fast Secure Contact Form. No, this site did not get hacked. I sold my Wordpress plugins to a new owner in June 2017 with a WordPress user profile name “fastsecure”. Without prior notice or evidence of his intentions, the new owner attempted to put malicious code in several of his newly acquired WordPress plugins that would connect to a 3rd party server (that he also owned) and inject spam ads for payday loans and such in the site's WordPress posts.

The new owner put spam code in versions 4.0.52, 4.0.53, 4.0.54, and 4.0.55 of Fast Secure Contact Form and versions 3.0.1 and 3.0.2 of SI CAPTCHA Anti-Spam but it actually failed to display any spam in these plugins because he put the code in the securimage.php captcha library file. The malicious code required WordPress libraries to also be loaded to execute. The reason the spam code did not do anything at all is because the securimage.php file is not included in the WordPress runtime environment. The securimage.php file was only included from another file securimage_show.php that loads the captcha image directly from HTML IMG src outside of the WordPress runtime. The spam code in these two plugins was never activated, it would not have corrupted your posts or changed anything in the WordPress database.

I am sorry for any inconvenience this has caused. The plugins were all taken off the WordPress directory by WordPress staff. When they do this removal, it appears like it was suddenly deleted without any notice or reason. This sudden disappearance and lack of notice from WordPress is an unfortunate weakness of their directory features. They might someday add the notice feature, but for now, it is missing. For anybody who had the plugin installed, WordPress moderators have released a hidden clean version of this plugin, with the malicious code removed. Version 4.0.56 is clean, and has the various changes from the new owner backed out. If you already had the plugin installed, your WordPress site will safely upgrade to Version 4.0.56 through the normal update process.

WordPress moderators told me these plugins will not be relisted in the WordPress plugin directory, nor will they receive any further updates. I recommend uninstalling them and finding alternative plugins for your future needs.

It is sad that people out there can go to extreme lengths to spam or corrupt a system and in this case, WordPress plugins. This happened to some other plugins as well and I am sure WordPress will add more warnings and safeguards to help prevent this from happening to other plugins again.

Here is the last available clean "End of Support" Fast Secure Contact Form version 4.0.57, Fast Secure reCAPTCHA version 1.0.21, SI CAPTCHA for WordPress version 3.0.4 if you need to manually install for any reason. The version number is bumped once again to prevent the auto update from trying to update. This web site and the PHP version 3.2.1 of Fast Secure Contact Form were not effected. The Fast Secure reCAPTCHA and Visitor Maps WordPress plugins were not compromised during this incident. All these softwares are now "End of Support" and will no longer be updated.

Some have asked if they can still donate and say thank you, so here you are:


Mike Challis