The conflict between Matt Mullenweg, founder of WordPress and WP Engine continues to shake up the WordPress community. The latest development concerns a major plugin in the ecosystem: Advanced Custom Fields (ACF). Since 12 October 2024, ACF has been completely replaced on the official WordPress.org directory by Secure Custom Fields (SCF), a fork set up by the WordPress security team.
The official announcement was made via a blog post on WordPress.org. Here's what you need to remember.
Unfold: Reminder of the global conflict
This dispute over ACF is one of the many steps in the Growing tension between Matt Mullenweg and WP Engine. The relationship between these two major players in the WordPress ecosystem has degenerated due to differences over the management of the WordPress brand, project governance, and certain WP Engine business practices. These tensions intensified when Mullenweg openly criticised WP Engine, accusing it of harming the ecosystem by disabling certain crucial features (such as revision history), and of muddying the waters with its use of the «WP» brand.
This conflict raises questions about the governance of WordPress and the management of open source in an environment where commercial interests are at stake.
For a more in-depth analysis of the start of this conflict, see the previous article : WordPress vs WP Engine conflict: analysis of the drama.
Contents
A change officially motivated by safety
In a post published on 12 October 2024, Matt Mullenweg announced the creation of Secure Custom Fields as a fork of ACF to respond to a specific critical security flaw discovered in the original plugin.
This is entirely possible and justifiable thanks to the invocation of point 18 of the WordPress guidelines.
« 18. We reserve the right to manage the plugin directory to the best of our ability.»
Point 18 of the WordPress guidelines
Secure Custom Fields completely replaces ACF on WordPress.org and all sites that were using ACF via this repository will automatically switch to SCF when the update takes place.
We can't help thinking that the tensions between the two companies had something to do with this decision. But we're not in Matt Mullenweg's shoes, who, being intelligent and at the service of the WordPress project, probably has good reasons for making this choice.
The ACF team's reaction
Faced with this change, the ACF team expressed its disappointment and concern in an article published on their official blog. They are denouncing a decision which they consider to be unilateral and which, in their view, will have a negative impact on their business, goes against open source principles. Since joining WP Engine, they have worked continuously on the development of ACF, with over 200,000 lines of code and numerous improvements, both in terms of functionality and security.
Here's what they say in their post:
«We are appalled by the actions of Matt Mullenweg, who has unilaterally and without our consent taken control of the Advanced Custom Fields plugin, a tool we have been actively developing for the WordPress community since 2011.»
Extract from original post on the ACF blog
The ACF team advises that users of ACF Pro or those hosted on WP Engine and Flywheel are not affected by this change and will continue to receive updates directly via WP Engine. On the other hand, those using the free version of ACF on other hostings must manually download version 6.3.8 of ACF from their site to continue to benefit from updates on their side.
ACF indicates how to continue using its own version of the plugin if you use the free version of ACF on a host other than your own (WP Engine).
Finally, it is playing the loyalty card on its website with a special insert on the home page:
«You have trusted ACF for more than ten years. The experts who maintain ACF will continue to support and enhance the features our users value and trust.»
WP Engine banned from WordPress.org
We'll be in touch, WP Engine completely banned from WordPress.org, which means that their other plugins can no longer be maintained.
These include Better Search Replace (1+ million active installations), or to PHP Compatibility Checker (200,000+ active installations).
However, these plugins are less essential than ACF and can be replaced by Update URLs and Query Monitor to name but a few.
Impact on users
Differences between ACF and SCF
For the time being, the two free plugins are functionally identical, as the fork is very recent. So we'll have to follow their respective developments to see if one of them stands out for its stability, security or functionality.
It's conceivable that ACF will eventually be integrated into the WordPress core. We'll just have to wait and see.
Pay version of ACF
For the paid version of ACF and WP Engine clients, there are no changes to be expected.
Free version of ACF
If you use the free version of ACF on the real original version of WordPress.org, at a independent host like LRob :
- When your plugins are updated, ACF will be transformed into SCF, then maintained by the WordPress community.
- If you don't agree, you can revert to the version managed by ACF. by reinstalling the plugin from their source
Other WP Engine plugins
If you are using other WP Engine plugins, consider finding a replacement if their access to WordPress.org is not restored.
Conclusion
Although this conflict may raise concerns, it is important to remember that Matt Mullenweg has always aimed to maintain the integrity and security of the WordPress ecosystem. Secure Custom Fields was introduced in this spirit and, despite criticism, Mullenweg remains a respected figure in the community.
While we wait for the situation to become clearer, let's remain cautious about our opinions and keep an eye out for updates and news on this subject.
Until then, give your WordPress sites the best of both worlds with fast, convenient and secure hosting !
Leave a Reply
You must be logged in to post a comment.