WordPress Plugins Reviews

Pipdig WordPress Themes Security Threats – Update!

Abstract: Pipdig, a developer of WordPress themes, was discovered to have nefarious PHP code which presented a security threat. When Pipdig was informed that these threats had indeed been found, they denied it and went about updating the PHP code.

April 11, 2019 - In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside WordPress themes sold by Pipdig, was found to contain a number of suspicious or malicious features. Among these features were a remote “killswitch” Pipdig could use to destroy sites, an obfuscated function used to change users’ passwords, and code which generated hourly requests with the apparent intent of DDoSing a competitor’s site.

In the days since we published that report, Pipdig has taken a series of increasingly questionable steps in their attempts to mitigate the fallout of their actions. Their team has issued baseless accusations that facts have been fabricated, collusion between their competitors had taken place, and that no wrongdoing of any sort had occurred.

These assertions stand in direct conflict with their actions. They’ve pulled down incriminating files from their sites, pushed undocumented updates to their plugins to remove additional malicious code, and have attempted to rewrite history by modifying dates of changelog entries. Then, perhaps most egregiously, Pipdig took down the Bitbucket repository containing a great deal of evidence of these actions. All of this had been done while an entire community of WordPress developers watched.

In today’s followup, we’ll use Pipdig’s official responses to recap their documented offenses. Then, we’ll discuss the timeline of events in the deployment and subsequent removal of Pipdig’s malicious code. After that, we’ll look at the evidence they’ve made efforts to destroy. Last, we’ll reveal new evidence that Pipdig’s suspected DDoS campaign against their competitor had still been active until April 1st, using Blogger themes.

Recap: Pipdig’s Words vs. Pipdig’s Code

April 4, 2019

In the uproar following the publication of their missteps, Pipdig released (and subsequently updated) a statement with the intent of dispelling the controversy. Unfortunately, instead of admitting fault and apologizing to their users, Pipdig leaned into a series of accusations and denials. Let’s take a look at the individual points of these responses, and why each fails to help Pipdig’s cause. We’ll avoid using code samples in this section, though the Timeline section that follows will contain code as evidence.

Unauthenticated WordPress Database Deletion

In our report, we explained how a cron (scheduled process) built into the P3 plugin was effectively asking Pipdig’s server every hour for permission to destroy the database of the site it’s running on. Pipdig hasn’t denied that the code existed, but has attempted to “rebrand” the behavior in a number of ways.


These Highly Rated plugins are just a fraction of the WordPress Plugins. There are many great plugins yet to be reviewed.

visit reviews

H5P

H5P makes it easy to create interactive content by providing a range of content types for various needs. Preview and explore these content types below.

You can create interactive content by adding the H5P plugin to your: WordPress, Moodle or Drupal site, or you can create content directly on H5P.org and embed it on your website.

Check out the author guide to get started.

The Power, Ease and Beauty of H5P (HTML5)

H5P brings to any website an authoring presentation project which gives an HTML web page the behavior of Flash. Setup for WordPress

Example:

Abuse of Power by moderator – esmi

The WordPress script and the community are excellent, with many authors and others who are very helpful. Let's not allow a few prima donnas to give the WordPress community a bad name.
 
Moderator Abuse of Power

Mel Pedley

Code name, Esmi or AKA Mel Pedley

Mel Pedley wins "The Queen Diva Abuse of Power Award" for 2014.

 

Banners/Image Sliders

Calendars – Events

Currency Ticker

E-Commerce – Shop

Is there an Etsy-like (multi-vendor marketplace) e-commerce plugin out there?

Forms

You may want to consider a form maker plugin that has conditional functions. Caldera Forms is one of those which we are reviewing.

Galleries

Learning Management (Authorware)

Media/Image Management-Presentation

Easy FancyBox: click to see an example of how this plugin presents on your site

Popups

Popup Maker and others

Product/Business Reviews

Ribbons – Corner Ribbons

Role Creation

(Not Groups)

Gap-Hub-User-Role

Statistics

Security

SEO – Search Engine Optimization

Table Plugins WordPress

Text Editor

Themes

Headway Themes - a defunct business; however, they are still selling the product.

Credits:

Page layout using Page Builder

The WordPress page logo was created with Xara Photo Design MX