So the blogging community had a rather large scare this week when it was shared that Pipdig, the company that made the blog themes that so many of us use, had put malicious code in their themes.
Initially, this doesn’t cause too much concern. For all we know, this could have been an accident.
However, it was not meant to be. When confronted with these facts (with evidence), Pipdig did the one thing they probably shouldn’t have done. They tried to defend themselves.
Had they instead just accepted that they had done wrong and owned up to the fault, they probably could have saved their reputation of being a very reliable resource for blogging themes. However, instead they tried to cover it up.
The fallout has been messy. For those of us that don’t speak code, here is the low down:
1. The kill switch - At first they said in an email that it was an anti-piracy feature, but that they never used it. Then they said that it didn’t destroy the site, but that it just reverted the site back to its defaults, but with the page owner’s permission. THEN they said that it WAS an anti-piracy feature, that they DID use it, and that it was effective.
….so who knows?
2. The password reset - While all of these sketchy updates with all this malicious code were going out, Pipdig made a backdoor so that they could change your password, locking you out of your account.
3. DDoS - Distributed Denial of Service. They used this code to use their customers’ websites (Pipdig users) to attack their competitors. A MAJORLY illegal move. They attacked other blog theme creators, as well as hosting companies, Bluehost in particular.
After all of this came to light, they rushed out a new update that got rid of the malicious code, and deleted a lot of their back history. Obviously sketchy.
So what now? Where do we go?
At the moment, Pipdig has put out an update like I said. I have that update, and I’m backing up my site. Fortunately, I didn’t host through Pipdig, so changing my theme isn’t the biggest priority. However, if you did host through them, get off. If you’re hosted through Bluehost as well, get off. The malicious plugin specifically made it so Bluehost-hosted sites ran slower. Fortunately I host through SiteGround.
Either way, long term plan: leave Pipdig and go to someone else. While I might be okay today, that’s no guarantee that they won’t put malicious code in a future update.
What other questions do you have in regard to this whole debacle?? Let me know!