What happened with Pipdig? The Drama

With my twitter followers being predominantly bloggers, every other tweet is talking about what happened with Pipdig. What should I do now? Is my site at risk? What have I missed?… I’ve done a fair bit of reading thanks to uni procrastination, so I thought I’d compile all the information you need to know into one simple post. Please bare in mind I am no technical expert or qualified in this area – though I’m sure you’ll be able to tell anyway!

The Frugal Frenchie

What happened with Pipdig? The Drama

What has Pipdig done?

Throughout the blogging community, Pipdig has always been known for providing gorgeous blog themes and amazing customer service and tech support. It was a well trusted and regularly recommended company.

However, on Friday (29th March), WordFence, a company who specialises in WordPress security support, reported that Pipdig’s plugin contained harmful coding. To know what they reported, you can read the initial report here and their latest update, here.

Using you to attack their competitors

One form of malicious coding that Pipdig has reported using on our blogs, is DDoS. I had obviously never heard of this previously, so for those of you in a similar boat, DDoS is a form of cyber attack which makes loads of traffic or requests floor to competitor sites. This slows that website down considerably and can even lead them to crash! Pipdig was doing this as a one-off, if you had their hosting too, your blog could be carrying out this cyber attack hourly!

Pipdig has had different responses regarding this. At first, they did confirm this coding exist, claiming that “we don’t currently know why this is the case,” however a day later, they changed their answer to a “no” without explanation. Interestingly enough though, they knew that people were finding out as they have now removed the code in their latest plugin – difficult to interpret it as an accident, no?

A GDPR nightmare? Gathering data on users

Although Pipdig is renowned for their classy, instagrammable-looking themes, many people (including myself) did not know about their hosting. In what I can only imagine being a form of secret marketing strategy, Pipdig added a code to make their followers think their host was the cause for their site being slow or irresponsive. Of course, by doing so, they hoped that you would then switch to them for your hosting and they could earn more money.

In a partial chunk of their coding, you can see how they’ve done this. They wrote “lyrical host” (third line) inside the coding, but with so many spaces and punctuation that it’d be difficult to spot. So sneaky!

$error_src = parse_url($me, PHP_URL_HOST);
	$dns = dns_get_record($error_src, DNS_NS);
	if ((isset($dns[0]['target']) && (strpos($dns[0]['target'], 'l'.'yr'.'i'.'calhost'.'.co'.'m') !== false)) || (isset($dns[1]['target']) && (strpos($dns[1]['target'], 'ly'.'ri'.'calhost'.'.co'.'m') !== false)) ) {

I need to look more into this aspect, but surely gathering data that you haven’t given permission into providing is against some kind of GDPR? If so, they’ll be in a lot more trouble by the looks of it.

Plugin issues?

Plugins are used for a variety of purposes and are designed to help the running of our blogs/ websites. Pipdig have been disabling a large number of these plugins. They themselves have admitted this in their public statements and Wordfence has said: “it’s at best questionable practice to make these sorts of changes on behalf of your users without their knowledge.”

Not only this but in Wordfence’s update post, they found that the plugin “Pipdig Power Pack (P3)” contained: code that misleads variable names, function names and impacts comments. For example, if somebody were to mention another service, such as Blogerize (what they used in the post as their example), the Pipdig plugin would put a content filter that automatically would replace references to Blogerize, with Pipdig’s own services.

A “kill switch”

Wordfence found that Pipdig had created a code which had the ability to delete a site entirely. If this code became executed, it’d wipe your entire blog and all your work will have disappeared. To this, Pipdig is in denial yet again, have suspiciously now deleted this code.

You may think, oh surely they haven’t actually done this in real life? Jem, a blogger and developer, would disagree. She wrote her own post on the Pipdig situation and people have been coming forward to say it has happened to them! They reported their websites vanishing while using a Pipdig theme or some have found their admin passwords changed unbeknownst to them and were denied access to their blogs.

What has Pipdig got to say for themselves?

Pipdig has written a statement regarding the accusations (well, evidence) they have faced.

After providing reasons on why he didn’t see the need to rebuke allegations, he then gave a short but sweet summary of his opinions.

“Do you DDOS competitors?”


“Do you kill sites?”


“Do you have the ability to kill sites via the Pipdig Power Pack?”


Hardly very convincing in my opinion….

Their deletion of some parts of their latest plugin, makes me doubt the denial they later talk about in their statement. They deny breaching any GDPR laws by sending or gathering personal data without consent but they do confess to disabling a number of small plugins.

Have a read, see what you think about it and let me know your opinions in the comments!

What to do if you have any Pipdig themes or hosting

(I thought I’d bullet point this part so any skim readers out there won’t miss any information)

  • Update your plugin on WordPress to the latest version (as of 2/04 this should be version 4.90)
  • BACK UP YOUR WEBSITE. Although the above point should make your blog temporarily safe from the “kill switch” you would not want to lose all your content should it ever happen.
  • See if financially, you’re in a place where you can try and change your blog theme (whether you’re on WordPress or Blogger). If not, there are some free ones you can use
  • If you do decide to change theme, disable the Pipdig plugin beforehand.

For all those who are now facing difficulties, I wish you the best of luck!

Leave a Reply

Your email address will not be published. Required fields are marked *