WordPress founder Matt Mullenweg has ramped up the ongoing feud with WP Engine by creating a separate version of the Advanced Custom Fields (ACF) plugin. The fork, called Secure Custom Fields, strips out any commercial features and focuses on what WordPress claims are security improvements.
It essentially pulls ACF from WP Engine’s control, which has raised quite a few eyebrows in the WordPress community. Such a bold move is being seen as an unprecedented step, creating tension around who gets to control such a popular plugin. Many users are voicing concerns, unsure about what this means for the future of ACF under WP Engine’s management.
WordPress Cites Security, WP Engine Disagrees
Mullenweg pointed to safety issues, saying that commercial upsells embedded in ACF had no place in a core plugin that many developers rely on. With this new fork, Secure Custom Fields, the WordPress team aims to realign with the platform’s long-standing plugin rules, which give WordPress the right to alter or remove plugins if they pose a risk to users.
It’s a move that seems designed to keep the ecosystem free of unwanted commercial interests, at least according to Mullenweg. But WP Engine and the ACF team didn’t take this quietly. On X (previously Twitter), they hit back, calling the fork a hostile takeover of something they were still developing. They noted that in WordPress’s long history, this type of action hadn’t been seen before, which makes it even more controversial.
We have been made aware that the Advanced Custom Fields plugin on the WordPress directory has been taken over by WordPress dot org.
A plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21 year history of… pic.twitter.com/eV0qakURLc
— Advanced Custom Fields (@wp_acf) October 12, 2024
Financial and Legal Tensions Underlying the Conflict
This latest action reflects deeper legal and financial disputes between Mullenweg’s Automattic and WP Engine. Over the past months, tensions have escalated, with Mullenweg accusing WP Engine of contributing little to the open-source community, and confusion over WP Engine’s branding as part of the problem. WP Engine responded with legal threats, while Mullenweg hinted that more aggressive actions were possible unless WP Engine agreed to license the WordPress trademark.
One major point of contention is WP Engine’s use of the ACF plugin within their service. Since WordPress now controls the plugin, WP Engine has lost its ability to push updates through WordPress, something critical for keeping the plugin secure. For WP Engine, this cuts off a key avenue to address any vulnerabilities that could pop up in the plugin’s code.
This has happened several times before, and in line with the guidelines you agreed to by being in the directory: https://t.co/90ni1jB7E2
Best of luck with your version. We’re looking forward to making ours amazing for our users, using the best GPL code available.
— WordPress (@WordPress) October 12, 2024
Long-Running Frustrations With WP Engine
The roots of this spat go deeper than just plugin control. Mullenweg’s frustrations with WP Engine have been building for some time. He has, in the past, called the hosting provider a “cancer” to the WordPress project, particularly criticizing their handling of the WordPress trademark and their business ties with the private equity firm Silver Lake.
At the recent WordCamp, Mullenweg took another swipe, urging users to put their money toward platforms that actively support WordPress’s open-source mission. WP Engine, he implied, had not done enough to deserve the community’s backing.
Despite this solution, the fork has unsettled many in the WordPress community. The idea of splitting a widely-used plugin over legal disputes raises concerns about where WordPress is headed in terms of plugin management and independence. WP Engine, for its part, has urged users to think carefully about whether WordPress’s actions align with the values of an open-source platform.
Last Updated on November 7, 2024 2:35 pm CET
