Their reply is an exercise in basic obfuscation and dissembling. Instead of explaining the specific 'features' of their code, their response is in a question-and-answer format. They chose the questions, and they are sufficiently broad and otherwise carefully chosen so that they can avoid being specific about what, exactly, they were up to. Some obvious follow-up questions to their initial answers are conspicuously absent.
Being able to drop someone else's full site contents is not something anyone should get away with under any circumstance.
The want to prevent pirated theme - reset the theme to twentysexteen; block frontend access; overlay frontend with notification, etc - so many options. Deleting data? That is not one of them.
I won't even get into the deliberate other plugins disabling with comments like "sorry not sorry", including cache plugins to advertise their own hosting.
> There was function in an older version of the plugin which could be used to reset a site back to the default settings. This function had no risk of of malicious or unintentional use.
> The portrayal of this feature is not based on reality. There is a function in the plugin which can be used to clear database tables, much like a backup or standard reset plugin. To confirm, we do not have the ability to “kill” a site, nor would we ever, ever want to do that! The function is in place to reset a site back to defaults, however it is only activated after being in touch with the site owner.
It dropped all wordpress tables. This is not a reset. There's also no reason to only have PipDig able to do this via their server, vs. an option in the configuration.
They also don't address the password reset functionality.
At best, these people are incompetent and don't realize the power their code wields. At worst, they're just backpedaling and trying to mitigate damage. (I especially like their attempt to humanize themselves by saying they're just four people who like cat memes.)
