- This topic has 1 reply, 1 voice, and was last updated 1 year, 1 month ago by .
You might think that websites get hacked through the WordPress login and some do, but a much bigger problem is themes and plugins. We don’t know what code is in a plugin or theme, or what it is doing and we assume that everything is OK. It may not be.
Here is an interesting story from Wordfence that discovered some strange code in a theme and plugin from Pipdig. It had code that enabled admin backdoors into your site, had the power to delete your site, and could have been used to attack competitor’s sites.
There is no evidence any of this was actually happening to anyone, but why would they put in the code to do this?
Skip the technical talk about the code, you won’t understand it unless you are a developer, but there is enough plain English here to understand what is going on, and it is weird.
It makes you wonder whether Pipdig is trustworthy. It also makes you wonder what other theme and plugin developers are hiding in their code.
© 2020 R.A.Waddilove
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Google Analytics collects anonymous information such as the number of visitors to the site, the most popular pages, and so on. Keeping this cookie enabled helps us to improve our website and make it even better.
Infolinks is an advertising technology company that provides a variety of online advertising-related services. It respects all concerns about privacy issues and earns a small income for the site to enable it to keep running.
Amazon may store cookies on your computer. As an Amazon Associate I earn from qualifying purchases. This does not affect the price you pay.
Please enable Strictly Necessary Cookies first so that we can save your preferences!