Legal Battle Between Automattic and WP Engine Over WordPress Trademarks
If you’ve ever managed a WordPress site, you’ll know this universe isn’t short on surprises. And the latest twist is raising more than a few eyebrows. WordPress.org has taken control of a popular plugin, the renowned Advanced Custom Fields (ACF), sparking varied reactions within the community. Sound strange? Well, it is, and quite a lot at that. But before diving into the details, let’s look at how we ended up here.
WordPress co-founder Matt Mullenweg announced that WordPress.org decided to take over the ACF plugin. But it wasn’t without reason. According to Mullenweg, there was a security issue with the plugin that needed urgent resolution. While he didn’t provide details about the problem—leaving many with more questions than answers—he made it clear it was a significant issue.
Imagine having an app on your phone that you use every day, and suddenly, the company behind it decides they no longer trust its developers. Without asking, they replace it with another version. That’s more or less what happened here.
Mullenweg justified the action under Clause 18 of the WordPress plugin directory guidelines, which states that WordPress can take action on a plugin without the developer’s consent if there’s a serious issue. Here’s where it gets complicated: WP Engine, the company behind ACF, responded by filing a lawsuit against Mullenweg and Automattic, adding further tension to the situation.
Such interventions are rare in the WordPress community, where the rules usually allow for peaceful coexistence between developers and the platform. But this time, things have escalated. WP Engine took to X (formerly Twitter) to express its surprise and frustration, pointing out that WordPress had never acted so “unilaterally” before.
In an added twist, WordPress announced that the plugin would now be called Secure Custom Fields. This fork—as Mullenweg described it—is a derivative of the original plugin, featuring a few changes such as removing the commercial sales integration and, of course, fixing the security problem (though we still don’t know what it was).
It’s like buying something you thought was the original, only to find out it’s a ‘better’ version you didn’t ask for. ACF users now have a ‘new’ plugin in their hands, even though they never requested the change.
If you’re a dedicated ACF user, this news has likely left you feeling a bit unsettled. Imagine using a plugin for years to customise your website, only to find that you now need to download a different version or follow certain steps to keep receiving updates. WP Engine has clarified that if you’re not a customer of theirs or Flywheel, you’ll need to manually download the plugin to keep getting support.
This situation highlights the importance of specialised platforms that keep users informed about these changes. For example, WWWhat’snew.com, a website known for covering the latest tech news, often features stories like this to help users adapt to sudden shifts in the WordPress ecosystem.
Ready to enhance your content strategy and boost your SEO performance? Start by evaluating your current content for relevance and engagement. Need assistance? Contact us today for personalised advice on crafting content that resonates and ranks.
If you ask me what I think of all this, I’d say it’s a rather complex scenario. On one hand, I understand the necessity of protecting website security, which is key in the WordPress environment. On the other, the way this situation has been handled has left many with a bad taste. The idea that WordPress.org can intervene like this, without warning, creates unease among developers. What’s next?
This could set a significant precedent in the open-source world. The legal action by WP Engine and the response from WordPress may have far-reaching consequences beyond this particular plugin. Could such interventions become more common in the future? Only time will tell.
It’s safe to say this story is far from over. The legal battle between WP Engine and Automattic is just beginning, and we’ll likely see more chapters unfold in the coming months. Meanwhile, ACF users face a choice: continue with the new Secure Custom Fields or return to the original ACF by manually downloading it. What’s clear is that this situation has left the community in a state of uncertainty.
For now, all we can do is stay alert and watch how things evolve. And of course, keep following platforms like WWWhat’snew.com to stay updated on any further twists in this tech drama.
This story has been updated with more details as they have emerged, and we’ll continue to do so as the dispute progresses.
The world of WordPress, one of the most widely used technologies for building and hosting websites, is currently in the midst of heated controversy. At the core is the conflict between WordPress founder and Automattic CEO Matt Mullenweg and WP Engine, which hosts websites built on WordPress.
WordPress, being open-source and free, powers around 40% of the internet. Users have the choice to self-host their WordPress instance or use providers like Automattic or WP Engine for a plug-and-play solution.
In mid-September, Mullenweg called WP Engine a “cancer to WordPress,” criticising the company for disabling revision history tracking by default to save costs. He also accused WP Engine and its investor, Silver Lake, of not contributing enough to the open-source project and of misleading customers into thinking they are part of WordPress.
In response, WP Engine sent a cease-and-desist letter to Mullenweg and Automattic, claiming that their use of the WordPress trademark was covered under fair use. WP Engine also alleged that Mullenweg had threatened to take a “scorched earth nuclear approach” unless WP Engine agreed to pay a significant percentage of its revenues for a licence to use the WordPress trademark.
Automattic countered by banning WP Engine from accessing WordPress.org resources, which impacted many websites, preventing updates to plugins and themes and leaving them vulnerable to security risks. WP Engine called this an abuse of power, impacting the entire ecosystem and leaving small website owners helpless.
The WordPress Foundation also updated its Trademark Policy to clarify that the abbreviation ‘WP’ shouldn’t be used in a way that confuses people into thinking services are officially associated with WordPress.
The community has responded with concern, with many questioning Automattic’s motives and control over WordPress. Developers and contributors have voiced worries about relying on commercial open-source products, fearing that their access could be revoked quickly and without warning.
Prominent figures in the tech world, such as Ghost CMS founder John O’Nolan and Ruby on Rails creator David Heinemeier Hansson, have weighed in, criticising Automattic’s control over WordPress and its actions against WP Engine.
The dispute culminated with WP Engine suing Automattic and Mullenweg, alleging that Automattic was failing to keep its promises of running WordPress as an open project. In the wake of these tensions, 159 Automattic employees took a severance package and left the company, raising concerns about the future of WordPress governance.
Given the current conflict between WP Engine and Automattic, it’s possible that other plugins owned by WP Engine could face similar issues in the future. Here’s a list of WP Engine’s plugins to keep an eye on:
Smart Plugin Manager: Automatically keeps plugins up to date and your sites secure.
Site Monitoring: Provides website status alerts to learn about errors and resolve them quickly.
Global Edge Security: High-performance SOC 2 level security with Managed WAF.
Page Speed Boost: Optimises web pages and reduces loading times—powered by NitroPack.
Advanced Custom Fields (ACF): Enables custom fields, post types, and taxonomies.
Local: Allows users to build WordPress sites on their local machines for free.
Application Performance: Delivers faster site speed and increased stability, powered by New Relic.
WP Migrate: Helps move databases, media, themes, and plugins between sites.
WP Offload Media: Offloads media to third-party storage for faster delivery.
WP Offload SES: Improves email deliverability using Amazon SES.
Better Search Replace: A useful plugin for lightweight migrations and simple database edits.
Genesis: A popular theme framework.
NitroPack: A leading site speed and performance solution to help pass Core Web Vitals and boost PageSpeed scores.
The dispute revolves around WordPress.org’s decision to take over the Advanced Custom Fields (ACF) plugin, citing security concerns, which led WP Engine to file a lawsuit.
WordPress.org took control of ACF to address a serious security issue. However, the specifics of the issue have not been disclosed.
WordPress forked the plugin, renaming it to Secure Custom Fields, removing commercial sales integration, and addressing the security issue.
The community has expressed concern over the unilateral intervention by WordPress.org, with some developers worried about the precedent it sets for future plugins.
ACF users have the option to continue using the new Secure Custom Fields version provided by WordPress.org or manually download the original version from WP Engine for continued support.
Users who rely on these plugins should be prepared for potential changes, as the legal and trademark disputes unfold.
Stay tuned as we bring you more updates on this evolving story.
