Gather ’round ladies – its storytime! I wanted to share a little blogger tea that is currently happening in my industry with a web design company, Pipdig. I talked about this briefly on Instagram and got quite a few requests for a blog post. The Pipdig theme scandal first got my attention because my blog design theme is by Pipdig. For my fellow bloggers who also have Pipdig, keep reading so you can figure out what is going on and the next best steps for your blog. I also have a great list of additional design resources.
WHAT IS PIPDIG??
Pipdig is a UK web design company that creates different theme designs for WordPress websites and blogs. My design template for Whit Wanders is by Pipdig. This company’s designs are very popular with bloggers and content creators.
WHAT IS THE SCANDAL??
The blogger community was up in arms on twitter after WordFence published a security investigation into Pipdig Plugin for WordPress. UPDATE: The Pipdig Plugin issue was originally found by Jem: blog post here. Pipdig was accused of adding code to the plugin to be able to: change the password of any site user, a remote kill function to delete the full contents of the website, disabled Bluehost caching, and even some code that appeared to attack a competitor of Pipdig.
A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress.
WordFence did a blog post around their investigation of the malicious code and even showed evidence of Pipdig trying to cover its tracks by deleting portions of their Github. Here is their full post: here.
Managed to demonstrate Pipdig’s “kill switch” on a test install of WordPress with pipdig Power Pack (p3) v4.7.2. It worked, which confirms they have the power to remotely delete your entire blog & every post you’ve ever written simply by typing your blog URL into a text file.
— Michael Waterfall (@mwaterfall) March 31, 2019
In this post, we additionally reveal new evidence that @pipdig used their Blogger themes, not just WordPress, to issue suspected DDoS requests. These scripts were found on Pipdig’s own servers, and were actively issuing malicious requests until yesterday. pic.twitter.com/GxWA35HYuc
— Mikey Veenstra (@heyitsmikeyv) April 2, 2019
GitHub cloud-based publishing tool and hosting platform. It also has a desktop application for locally storing projects. Github is used by programmers, developers, and designers to store projects and keep track of changes to their files.
Sorry we’ve been a bit absent on Twitter. Our post at https://t.co/HFQyFvEmdB has been updated. This is our final word on all of this. Thank you for all the positive responses we have received from people! It is hugely appreciated ❤️
— pipdig (@pipdig) March 31, 2019
UPDATE – BLACKLISTING
- Due to all of the malicious code and allegation, there are now several hosting platforms that are now blacklisting the Pipdig plugin. They are currently on GoDaddy Blacklist.
WHAT TO DO IF YOU ARE A BLOGGER WHO:
A.) USES A PIPDIG DESIGN THEME
B.) PIPDIG IS YOUR HOST COMPANY
I am in group A – I currently use a Pipdig design theme. I am personally removing Pipdig from my website. I am not comfortable supporting a company that is not taking accountability for the flaws found in their code and intentionally trying to harm competitor sites.
- Ask for a Refund – If you purchased your Pipdig template in the last 180 days – you should be able to get a refund
- Backup Your Site – Find a backup plugin that is compatible with your WordPress site and backup a copy of your site before making any changes
- Remove – Remove Pipdig from your website – themes and plugins.
- Hosting – Change Hosting Companies if Pipdig is your host
Recommended Host – I previously used BlueHost but had a lot of issue with my site being down. I switched to SiteGround and have really enjoyed my hosting experience with them. Here are some hosting company recommendations:
WHERE CAN I FIND A NEW THEME??
If you are looking for a new template I found quite a few female-owned web design companies that offer blogger friendly themes. Check them out below:
New Theme Recommendations:
TIP: Make sure to remove all Pipdig plugins from your site before adding a new theme. There have been reports of WordPress sites running into issues with the design changes.
WHAT IF I WANT TO KEEP MY PIPDIG TEMPLATE
It’s 100% your decision if you want to remain with Pipdig. But it may negatively impact your site in the long run. The Pipdig plugin is being blacklisted by quite a few hosting platforms which may impact how quickly your blog and design elements load.
NEW DESIGN – WHIT WANDERS
Changing my design is quite a time consuming as quite a few of my elements were custom – but its a huge priority for me. I still haven’t found a design I like but I am on the hunt. My goal is to update it this weekend. Bear with me as I address all these changes and update my design. My site may be a bit glitchy as I switch over the theme but appreciate your patience as I work through this latest issue.
Thanks for making it through this very long post! Happy Friday babes!
If you are a blogger and have questions around Pipdig – please email me!