The ongoing dispute between Matt Mullenweg, the founder of WordPress, and WP Engine, a hosting provider, has escalated significantly. Mullenweg recently announced that WordPress is forking the Advanced Custom Fields (ACF) plugin, a tool developed by WP Engine that assists users in customizing their WordPress edit screens. The newly created plugin, called Secure Custom Fields, is intended to address security issues and eliminate commercial upselling practices associated with ACF. In his announcement, Mullenweg emphasized that this drastic measure was necessary to protect users, while also highlighting the need for greater transparency within the WordPress ecosystem.
The Advanced Custom Fields team has publicly responded to Mullenweg’s actions, condemning the forking of their plugin as a “unilateral and forcible” takeover of a product still actively being developed. They pointed out that such an event had not occurred in the 21-year history of WordPress, suggesting that this move violates an essential community promise. The ACF team raised concerns over the ethical implications of Mullenweg’s decision, urging users and developers to consider the precedent this situation establishes within the community. They argue that forcing a plugin’s removal without the original creator’s consent undermines the foundational principles of collaboration and fairness that the WordPress community is built upon.
Despite these concerns, both Mullenweg’s blog post and a response from the WordPress organization assert that similar incidents have occurred in the past, although they are rare. Mullenweg explained that this particular case was necessitated by WP Engine’s legal challenges and public safety concerns regarding the plugin. Citing the WordPress plugin guidelines, he noted that the organization reserves the right to disable or modify any plugin if deemed necessary for community safety, which includes the ability to act without the creator’s consent in urgent situations.
A brief history of the conflict reveals bitter tensions between Mullenweg and WP Engine, stemming from various grievances Mullenweg has regarding the company’s practices. Just last month, he openly criticized WP Engine in a blog post, labeling it a “cancer to WordPress.” Mullenweg’s critiques of WP Engine included their reluctance to support features like revision history and concerns about the company’s investor, Silver Lake. He also expressed frustration about WP Engine’s branding, claiming it creates confusion among customers regarding its relationship with the WordPress platform.
In retaliation, WP Engine has issued cease-and-desist letters, alleging that Mullenweg issued threats of a “scorched earth nuclear approach” unless WP Engine opted to pay for the licensing rights to the WordPress trademark. This back-and-forth culminated in WordPress initially banning WP Engine from accessing WordPress.org, preventing the company from providing automatic updates for ACF. Although this ban was briefly lifted, it was reinstated, effectively halting WP Engine’s ability to rectify security vulnerabilities through the official WordPress platform.
In light of the recent developments, Mullenweg has committed to ensuring that Secure Custom Fields will function as a non-commercial plugin going forward. He has extended an invitation to developers interested in maintaining and enhancing the newly forked plugin to get involved. This effort not only aims to resolve security flaws but also seeks to foster an inclusive environment for developers within the WordPress community, despite the challenges presented by the ongoing disagreement with WP Engine. The situation underscores the complexities of navigating copyright, community ethics, and proprietary interests in a widely used open-source platform like WordPress.
