> Another one from the @pipdig plugin. If you use one of their themes on @bluehost then they intentionally slow your website down by disabling the BlueHost cache plugin, then they can inject content with the title "Is your host slowing you down?"<p><a href="https://twitter.com/nickstadb/status/1112479746972151808" rel="nofollow">https://twitter.com/nickstadb/status/1112479746972151808</a><p>pipdig is a goldmine.
A developer at Pipdig wrote these lines of code and shipped them, I wonder how they felt.<p><pre><code>foreach ($tables as $table) {
    $wpdb->query("DROP TABLE $table");
}</code></pre>
And this just illustrates the horror that is the proprietary marketplace of WordPress plugins. It is annoying because this results in incentives to take away freedom from users and require payment for proprietary code in the guise of a free software project. To expand WordPress functionality beyond the core functions you have to wade through a minefield of freemium plugins that have all been slightly broken to encourage you to shell out money to someone for code you won't have any freedom with and the worst of it possibly demonstrated by code like this. I have built some sites with WordPress but I have always felt stifled by the way the plugins and themes are distributed. On the other hand I understand people like being able to charge money and create businesses from the code they write which can be more challenging if you actually write free as in libre software vs. attempting to extract money from every potential user.
Here's a second writeup, which also contains a response from pipdig: <a href="https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipdig-power-pack-plugin/" rel="nofollow">https://www.wordfence.com/blog/2019/03/peculiar-php-present-...</a>
Did they seriously have the audacity to deny all this after all those code examples were shown?<p>Edit: Wow, people's responses on Twitter are even more delusional. Wtf?
From pipdig <a href="https://www.pipdig.co/blog/sad-times/" rel="nofollow">https://www.pipdig.co/blog/sad-times/</a>
It looks like the company involved is based in the U.K. and it also seems likely that this software and their usage of it are a violation of the Computer Misuse Act.<p>One of their competitors should consider filing a complaint with the relevant authorities, so this gets formally investigated.
"Sad times - <a href="https://www.pipdig.co/blog/sad-times/" rel="nofollow">https://www.pipdig.co/blog/sad-times/</a>"
No shit.
These guys put all this evil into their code (PHP no less, so easily readable by anyone) and it took this long for them to get caught?<p>Further, they peddled this into who knows how many themes they sold and never thought they'd get caught?
What options are left if you need a simple website builder that's not<p>a) WordPress, which is a swamp filled with mines in the form of plugins
b) Wix, which forces hosting and bad HTML on you<p>Basically I want a WordPress-like frontend + the rich template ecosystem and for it to spit out static HTML files.
I'm a little late on the wagon here but someone seems to have made a recent backup of the code on GitHub: <a href="https://github.com/longwave/p3" rel="nofollow">https://github.com/longwave/p3</a>