The conflict between WordPress and the hosting service WP Engine has reached new heights. As previously noted, WordPress’ creator, Matt Mullenweg, labeled the hosting company a “cancer” and accused it of damaging the WordPress brand. It didn’t stop there—WP Engine was banned from accessing WordPress.org’s resources for free.
WordPress allegedly stole a popular plugin developed by WP Engine
Following these developments, WP Engine’s majority shareholder, private equity firm Silver Lake, filed a lawsuit against Mullenweg and Automattic (the company that owns WordPress) for allegedly abusing their power. These latest events suggest that tensions between WordPress and WP Engine are far from over.
WordPress is accused of stealing a popular plugin developed by WP Engine As the legal battle between WordPress and WP Engine rages on, Matt Mullenweg has made another controversial move. Mullenweg updated WP Engine’s popular Advanced Custom Fields (ACF) plugin without the approval of its developers and released it as a new plugin called Secure Custom Fields.
Mullenweg explained that this move was intended to “eliminate commercial upsells and address a security issue,” but the original developers of the ACF plugin harshly criticized him for his actions.
WordPress sites using this plugin are at risk! WordPress sites using this plugin are at risk! A fraudulent plugin that steals credit card information from WordPress sites has emerged. Here are the details!
In a statement on social media, the ACF team claimed that their plugin was taken over by WordPress without their consent. They emphasized that in WordPress’ 21-year history, no actively developed plugin has ever been forcibly taken from its creators without permission, calling it a case of outright theft.
The developers also sent out a notice to users, explaining the situation. Here’s part of their statement:
“We are reaching out to you immediately and directly to address the unprecedented and terrible actions taken by Matt Mullenweg on October 12, to forcibly take control of the (ACF) plugin. The potential impact of Mr. Mullenweg’s improper actions is that millions of current ACF installations could be updated with untrusted and unapproved code, not verified by the ACF team at WP Engine. We want to highlight how you can immediately reduce your exposure and risk, and ensure you are using the real ACF plugin.
If your website is hosted by WP Engine or Flywheel, or if you are an ACF PRO customer, you are not affected and do not need to take any action.
If your website is not hosted by WP Engine or Flywheel and you are using the free version of ACF, we recommend following the steps outlined in the guide we have sent to ensure you have access to updates approved by the ACF team.”
Unfortunately, this dispute between the two parties could lead to serious security issues for WordPress sites worldwide. If ACF’s claims are accurate and Mullenweg did take over the plugin, users may face security vulnerabilities since the plugin is no longer in the hands of its original developers.
What are your thoughts on this issue? Don’t forget to share your opinions in the comments section!
{{user}} {{datetime}}
{{text}}