Since we all use WordPress, we take an interest in what others are doing, for better or worse. Well, we have seen some of the worst things in recent weeks. Today we touch on some controversy in the WordPress community around a plugin suite and a theme shop.
pipdig is a weird name for a theme. First of all, spell check wants to capitalize it when you start a sentence with the word. The UK-based company has seen a backlash from colleagues in the WordPress world. It seems they have done some shady stuff with their themes.
According to Jembella,
pipdig, one of the biggest WordPress theme providers to bloggers, is distributing code dressed up as the “pipdig Power Pack” plugin which amongst other things:
- is using other bloggers’ servers to perform a DDoS on a competitor
- is manipulating bloggers’ content to change links to competitor WordPress migration services to point to the pipdig site
- is harvesting data from bloggers’ sites without permission, directly contravening various parts of the GDPR
- is using the harvested data to, amongst other things, gain access to bloggers’ sites by changing admin passwords
- contains a ‘kill switch’ which drops all database tables
- deliberately disables other plugins that pipdig has decided are unnecessary, without asking permission
- hides admin notices and meta boxes from WordPress core and other plugins from the dashboard, which could contain vital information
Rightfully so, Jen called them out. Starting with the whole DDoS thing, that’s pretty bad. I had an email conversation with a friend who works in cybersecurity and shady was the word he used. That’s not enough. They weren’t exactly receptive to the correction.
Wordfence breaks down pipdig’s response in an article titled “Dishonest Denials, Erased Evidence, and Ongoing Offenses” (you can see that here).
In the days since we published that report, Pipdig has taken a series of increasingly questionable steps in their attempts to mitigate the fallout of their actions. Their team has issued baseless accusations that facts have been fabricated, collusion between their competitors had taken place, and that no wrongdoing of any sort had occurred.
What theme do you use? Drop it in the comments below.
Automattic created quite a stir recently when people started to notice that paid plugins for Jetpack started appearing in the results at the top of searches in the WordPress dashboard. This, of course, did not go over well in a community that prides itself on being Open Source.
Sarah Gooding at WPTavern picked up the story,
Jetpack 7.1 was released earlier this month with new blocks for WordAds, Business Hours, Contact Info, Slideshows, and Videos. This release also quietly added suggestions to the plugin search screen, a change that has not been well-received by the developer community. If a user searches for a plugin that has a feature that is already offered by Jetpack, the plugin will insert an artificial (and dismissible) search result into the first plugin card slot, identifying the corresponding Jetpack feature.
Our own Sebastian Moran shows MainWP users how they can use the MainWP Snippets extension to remove the “promotions.”
If you are curious what exactly Jetpack syncs, you can learn more on their website. The comments on the WPTavern article are a goldmine of interesting conversation among developers and a member of the WordPress.org team.
Make sure you take a look at both of Sebastian’s articles on plugins gone wild (I mean wrong).
That’s it for this month’s edition of the World of WordPress. There are certainly lots of things going on this month, and it is worth keeping an eye on the Jetpack situation as well as pipdig.
What themes do you use for your WordPress projects? Drop them in the comments below.