
It sounds like they got a little overaggressive fighting with the company that had hijacked their themes and were selling them last year.

They were probably obfuscating those functions to hide them from the people selling their themes. Sounds like they were also disabling this plugin as well.

But they definitely went about things the wrong way; including functions like that and obfuscating them is definitely not the right way to do things.

I think a simple, we're sorry we had included these functions in this manner to combat the company stealing our themes last year. We understand this was wrong and a fresh clean version of the plugin will be out this week.

We will do things the right way from now on, you can trust us and we welcome audits of all our code.




> It sounds like they got a little overaggressive fighting with the company that had hijacked their themes and were selling them last year.

Some of this might be explainable in this fashion, but not all.

https://www.wordfence.com/blog/2019/03/peculiar-php-present-...

> Firstly, the plugin includes a content filter that automatically replaces references to Blogerize, a service which claims to be a beginner’s blogging course, with references to Pipdig’s own services.


It sounds like that might have been the place that stole it?


Doesn't matter. A WordPress plugin/theme developer has no business altering the content of sites using their software.


I don't know anything about WordPress, but isn't a plugin supposed to alter the content of the site using their software? If it didn't, why use it?


Not changing content linking to a competitor's services into one linking to author of the plugin's without the user's knowledge.


Generally speaking, most WordPress plugins alter the presentation or functionality of a site, not its content. There's some exceptions, like search-and-replace [1], but even in those cases the functionality is made obvious to the user.

[1]: https://wordpress.org/plugins/search-and-replace/


Saw this on Twitter:

> Phil you need to stop with the lies. Not only do you outright lie about having the ability to kill sites with your plugin, you state that this was implemented in response to a security breach you experienced in July 2018. The code was implemented in November 2017.

https://twitter.com/nickstadb/status/1112444919409446912

Unfortunately, pipdig wiped and recreated the repo an hour ago, so that history is no longer available there at least.



y, even having this in their plugin wasn't the right way to do things. And if the timing isn't lining up that starts poking holes in their response.

I was just trying to give them the benefit of the doubt if this was done to try to combat piracy.

With GPL some piracy is expected though, and this isn't the right way to combat it.

WordPress plugins and development is still the Wild Wild West.

Most developers are good but there are some Black/Gray Hats out there for sure.



