You might think that websites get hacked through the WordPress login and some do, but a much bigger problem is themes and plugins. We don’t know what code is in a plugin or theme, or what it is doing and we assume that everything is OK. It may not be.
Here is an interesting story from Wordfence that discovered some strange code in a theme and plugin from Pipdig. It had code that enabled admin backdoors into your site, had the power to delete your site, and could have been used to attack competitor’s sites.
There is no evidence any of this was actually happening to anyone, but why would they put in the code to do this?
Skip the technical talk about the code, you won’t understand it unless you are a developer, but there is enough plain English here to understand what is going on, and it is weird.
It makes you wonder whether Pipdig is trustworthy. It also makes you wonder what other theme and plugin developers are hiding in their code.
© 2019 R.A.Waddilove