> This update is as minimal as possible to fix the security issue.<p>> This is a rare and unusual situation brought on by WP Engine’s legal attacks, we do not anticipate this happening for other plugins.<p>So.. is this fixing a security issue.. or is this because of WP Engine?<p>> and are forking Advanced Custom Fields (ACF) into a new plugin<p>And stealing their place in the plugin store. A fork generally implies that you are going to set off on your own, and not inhabit the dead flesh of the project you just killed.<p>Matt Mullenweg is the biggest child I have ever seen in operation.
So WordPress-the-org — which is effectively Matt, as far as I can tell — just Sherlocked a developer's plug-in using the developer's own code, ostensibly as retribution for a security issue that the developer had already fixed. <a href="https://www.advancedcustomfields.com/blog/acf-6-3-8-security-release/" rel="nofollow">https://www.advancedcustomfields.com/blog/acf-6-3-8-security...</a><p>What am I missing?
Wordpress banned forks from the plugin directory a while ago, so they're doing what they ban everyone else from doing. <a href="https://make.wordpress.org/plugins/2021/02/16/reminder-forked-premium-plugins-are-not-permitted/" rel="nofollow">https://make.wordpress.org/plugins/2021/02/16/reminder-forke...</a>
Related: the main developer on the Fields API proposal is calling it quits on involvement with WordPress.<p><a href="https://github.com/sc0ttkclark/wordpress-fields-api">https://github.com/sc0ttkclark/wordpress-fields-api</a><p>I'm not entirely sure what it is but it has over 350 stars and quite a few forks so it's probably important.
If anyone from Automattic is reading this and would like to confidentially leak any internal information about this behaviour from Matt, please email admin@bullenweg.com and I will publish it on bullenweg.com.
This is one of the sleaziest things I've ever seen. I fear a hard fork of WordPress is now inevitable and unfortunately, it's possibly going to kill the platform, all over one man's ego. How can I now sell my clients on using WordPress for mission critical things if on a whim the owner of WordPress can break my site or lock out my security updates, just because I chose the "wrong" host or plugin? I don't see how the Board can sit by and let this all unfold like this, it's practically business suicide.
If anyone is interested in the extended controversy surrounding Wordpress, there is a site that has been tracking everything.[0]<p>[0] <a href="https://bullenweg.com" rel="nofollow">https://bullenweg.com</a>
Link to the delta from the latest code revision where they replaced “ACF” with “SCF”.<p><a href="https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3167679%40advanced-custom-fields&old=3164480%40advanced-custom-fields&sfp_email=&sfph_mail=" rel="nofollow">https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph...</a><p>Not a lawyer, but since WPE sells ACF services, can WP redirect users away? That is directly impacting a competitor’s bottom line.
Blog post on wordpress.org concerning this: <a href="https://wordpress.org/news/2024/10/secure-custom-fields/" rel="nofollow">https://wordpress.org/news/2024/10/secure-custom-fields/</a>
According to <a href="https://make.wordpress.org/plugins/2021/02/16/reminder-forked-premium-plugins-are-not-permitted/" rel="nofollow">https://make.wordpress.org/plugins/2021/02/16/reminder-forke...</a> this is piracy.<p>Let's look at newer documentation:<p><a href="https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/" rel="nofollow">https://developer.wordpress.org/plugins/wordpress-org/detail...</a><p>> The use of trademarks or other projects as the sole or initial term of a plugin slug is prohibited unless proof of legal ownership/representation can be confirmed<p>The plugin is at <a href="https://wordpress.org/plugins/advanced-custom-fields" rel="nofollow">https://wordpress.org/plugins/advanced-custom-fields</a> and advanced custom fields filed for trademark last December <a href="https://trademarks.justia.com/983/21/advanced-custom-98321164.html" rel="nofollow">https://trademarks.justia.com/983/21/advanced-custom-9832116...</a><p>Also<p><a href="https://developer.wordpress.org/plugins/wordpress-org/plugin-developer-faq/" rel="nofollow">https://developer.wordpress.org/plugins/wordpress-org/plugin...</a><p>> We also don’t accept 100% copies of other people’s work<p>There's a clause which looks applicable <a href="https://developer.wordpress.org/plugins/wordpress-org/plugin-developer-faq/#what-happens-to-a-plugin-if-the-plugin-owner-gets-blocked" rel="nofollow">https://developer.wordpress.org/plugins/wordpress-org/plugin...</a><p>> What happens to a plugin if the plugin owner gets blocked?<p>however the page says "Last Updated: 12 October 2024" and <a href="https://github.com/WordPress/developer-plugins-handbook/blob/75d06a1d9c8572e2ee20667c6f8e4364647221d6/wordpress-org/plugin-developer-faq/index.md">https://github.com/WordPress/developer-plugins-handbook/blob...</a> (permalink at the time of writing this) doesn't have this section. So it really looks <i>someone</i> manually edited the page on wordpress.org without editing the source. Now, who has such permissions and has the motive to do this?
I thought there weren't any hinges left for Matt to unhinge. He <i>dug</i> for that minior vulnerability to be to able to justify that takeover.<p>Who can ever trust this guy and his company, ever again?
Pathetic. Matt banned one of the most popular WordPress plugins. Then, he forked the code and hosted it on WP.org, which is against the Terms of Service. He also hosted it in the plugin directory on the same path as ACF, stealing its SEO traffic. Wow!<p>Matt's state of mind is clearly not good. If I were an investor in WordPress, I would start thinking about cutting my losses. WordPress will not recover from this self-inflicted destruction<p>*Update*
Oh, it's worse than that. He just renamed the ACF to SCF and claimed all the installations and reviews from ACF. I still can't believe this happened. This can't be legal!
OK so:<p>1) WordPress clearly lacks functionality like ACF that belongs in core<p>2) Many developers clearly like ACF<p>3) Many do not (it's messy in the DB, if you ask me)<p>4) Core functionality that was if not API-compatible, at least API-familiar with ACF would be welcomed by many<p>5) Creating a new plugin that did this, that was transitioned into core (like other functionality has been), would be a good plan<p>6) Commandeering the slug for a decade-old commercial plugin like this, to replace it with a fork, is so obviously fucking bad form that it's still hard to believe it is happening even given all the other whatthefuckery that has been happening.<p>ETA: 7) "<i>Secure</i> Custom Fields"? Really? The difference is what?<p>What the fuck, Matt?<p>ETA: personally I understand many of the frustrations with WP Engine's positioning. I have experienced exactly the trademark confusion issues that the lawsuit has been about, where clients have assumed WP Engine is WordPress itself. I don't use them after some iffy customer service and technical issues early on. But this is absurd behaviour.
I can't even follow what's going on here, and I used to be an expert in software licensing drama. All I see is a bunch of unilateral actions driven by Matt Mullenweg that breaks so many implicit promises of how a free software steward should behave.<p>Wordpress sites quite often seen to be a hodge-podge of plugins, each with their own UI and conventions, and (as a host) I'm never an expert in anye one of them. Has one of the site designers used a plugin that has offended Matt? Or that might offend him in the near future? How do I even audit for that?<p>I don't need much of a push to move my position on this. Before: "eh, use Wordpress if it's cheaper" Now: "please don't, that decision will probably cost me".
It is as if Wordpress [1] is asserting that the original author is a danger to public safety. Their terms read: ...<p>To that end, we reserve the following rights: ... to make changes to a plugin, without developer consent, in the interest of public safety.<p>[1]: <a href="https://x.com/WordPress/status/1845179613783142426" rel="nofollow">https://x.com/WordPress/status/1845179613783142426</a>
ProcessWire CMS (<a href="https://processwire.com/" rel="nofollow">https://processwire.com/</a>) is a neat alternative if one requires quite complex set of custom fields on a website.
Posted this in the other thread:<p>A lot of the comments seem to call out Matt (right or wrong). But that’s the easy thing to do.<p>No one dares address the systemic issue of for profit corporations exploitatively (ab)using open source software.<p>There is a social contract that people should contribute back, and while it’s largely unenforceable, as it should be, when it’s happening on a systemic level something has to be done. And we are all complicit if we don’t at least say that much and spare some good will towards the guy actively in that fight at least superficially<p>*Following is a response to some replies on the other thread, that clarifies my points
*<p>Matt being a poor steward of gpl is by definition not a systemic issue … unless ur claim is that many people in positions like him do what he does which is in turn caused by invariant factors?<p>The systemic issue is companies the world over not giving their fair share back in terms of contributing to foss.<p>I might agree with most of your points, I’m just trying to get people to realize there’s the local issue of Matt/wp and then there’s this global issue of companies building businesses off foss and not giving back.
Just stealing plugins right now? Or is this some kind of "eye for an eye" situation?<p>I'm really turned down from the whole ecosystem by this total shitshow. Seems like everything could be pulled from under running sites if some clown decides he doesn't like it anymore.<p>At this point I just hope that WP Engine wins whatever lawsuit happens and Matt Mullenweg (and everybody who was involved besides him) has to pack his things and leave everything WP-related forever.
We no longer do custom WordPress work --- it turned out to never be worth the hassle --- but when we did, our company used ACF extensively. High quality plugin with responsive support and very fair licensing terms.<p>This --- to me --- smacks of complete bullshit.
This whole saga is surreal because I thought myself to be constitutionally incapable of rooting for a private equity firm to win a fight, but this is like watching a guy violently strain to shit his pants while yelling “Look what they made me do!”<p>Also the guy is in a hot tub with all of his friends and employees
If you were an insider deliberately trying to tank WordPress, it is hard for me to imagine anything you could do that would be more effective than this.
This is a human being, making a mistake, only to be bullied by literally the whole internet?<p>Never have I ever witnessed a lynch with any positive consequence whats so ever in my entire life.<p>Empathy all the way. We all make mistakes. Stay kind and positive.