According to the Sucuri Blog, please remove (if it hasn’t been already by WordPress) the SweetCAPTCHA plugin. It includes third party content which at this point is causing unwanted and potentially malicious popups.
Sucuri is recommending:
- If you use sweetCAPTCHA, you might want to remove it (at least for now).
- Carefully read term of services when you install something on your site — the software might include unwanted extras that they don’t advertise on their home pages.
- Think twice before installing any third-party scripts on your site. You lose control over content of your web pages. You should only install scripts that you really trust.
For more information on this issue, please visit and read the Sucuri Blog.