Unless you’ve been living under a rock, you’re likely aware of the Pipdig scandal which has unfolded over on Twitter over the last week. Amidst articles and discussions between web developers and security experts – of which this article by Wordfence is the most popular and thorough – there has been a fair amount of mass-panic within the blogging community. For some, who’ve spent upwards of £50 on their Pipdig theme, there’s a feeling of confusion and despair.
Most of the literature and discussion surrounding the topic is riddled with technical jargon that is well beyond the capabilities of most. The Wordfence article stands at a hefty 4500 words and makes little practical sense to most bloggers, whose knowledge of web dev and coding is limited or non-existent.
I contacted a few web developers who have been outspoken on the topic with the hope of sharing a jargon-free explanation for bloggers. This article comes with a big thank you to Kathy Zant of Wordfence for taking the time to help me understand the saga in layman’s terms.
To cover my own back: I am not a web development professional by any means. My knowledge of code is limited. Nothing in this piece is intended to have legal effect or constitute professional advice.
What have Pipdig allegedly done wrong and what does that mean for my blog?
“In the simplest possible term, a theme takes content that’s stored in your database and organises it into a visible layout.” (Zant)
As you well know, you can switch themes, purchase new ones and customise them to your taste. Pipdig sells themes largely targeted at bloggers at an affordable price (far cheaper than having a web developer create you a custom site).
A piece of code has been discovered within Pipdig’s plugin that essentially does malicious stuff. It shouldn’t be there and it is potentially (likely) illegal.
If you have purchased a Pipdig theme then you are running this plugin on your (Blogger or WordPress) site. Pipdig are taking advantage of their customers’ trust and lack of coding knowledge to allegedly hurt other people (competitors, etc.).
So what do I do now?
1. Back up your site.
- Updraft Plus is a recommended backup plugin
- You can back up to Google Drive or Dropbox and easily restore if you ever have a problem
2. Find a new theme and remove all Pipdig plugins and themes from your site.
- According to Kathy, it’s best practice anyway to remove themes and plugins you’re no longer using, to make your site faster and more secure.
I host via Pipdig. What about me?
If you host with Pipdig the recommendation is to definitely move off of that platform. You can use a hosting provider that will assist you to migrate your site. Some recommended ones are:
- SiteGround (excellent customer support)
- Kinsta (free site migration)
- LiquidWeb (excellent customer support)
Where do I get a new theme?
Obviously you’re going to need a new theme. Kathy’s advice is to use the WordPress repository where there are themes that will operate almost identically to Pipdig and can be fully customised. You can preview a theme or even install it to see how it works with your content.
I know that for a lot of bloggers, this answer simply won’t be enough. There are lots of premium theme providers out there; just be aware that, with no knowledge of code, you do not know exactly what you’re installing onto your site. Aesthetic is important, yes, but content is always king and security is vital.
This Twitter thread makes various recommendations of new themes for those looking to mirror their Pipdig aesthetic:
If you’ve seen the whole #Pipdig drama and want to change themes (I’d recommend it) and don’t know where to look, then here’s some other options I’ve found which in my opinion look just as good or better (thread)
— Rachel ⚡️ (@HeyRachieface) April 2, 2019
Can I get my money back?
If you bought your theme within the last 180 days, you are entitled to contact Pipdig via email and request a refund. They may not respond, at which point you should dispute via PayPal or, failing that, your bank provider.
In layman’s terms, online products are still subject to consumer rights protection and thus you may have a claim, as the product has been mis-sold or could be deemed faulty. Again, this is not legal advice, just a suggestion.
Given the state of Pipdig’s PR right now, you’d think they would be wise to honour refund requests and salvage what’s left of their customer base. In reality, who knows?
Can’t I just leave the Pipdig theme on my site?
Well yes, you could. However, even if you’re not concerned about any potential impact on your site itself, you should consider whether it’s a brand you now wish to be associated with.