WP Drama

In case you missed it WordPress has been having some very public drama. It is now affecting everyday users. This is pants dot com.

tl;dr After Matt Mullenweg, BDFL of WordPress and CEO of Automattic, has dragged WP Engine publicly through the mud for not paying a ludicrous amount of money or contributing (enough) to the open source project, WP Engine is suing Automattic and Matt Mullenweg, while Automattic claims misuse of WordPress trademarks.

Timeline of the WordPress Drama; duerrenberger.dev

Things started slowly – July 2024

The WordPress Foundation registered trademarks for “Managed WordPress” and “Hosted WordPress”.

How bad could that be? Right? Right??

Matt Mullenweg throws his toys out of the pram – September 2024

Matt Mullenweg (the guy who started WordPress) tried to use blackmail when he threatened “scorched earth nuclear” if certain demands were not met. those demands were ignored (because of course they were, this is no way for adults to behave). Thus, he gave a speech at WordCamp US criticizing WP Engine and Silver Lake (who own WP Engine).

A few days later, Matt Mullenweg published a blog on WordPress.org (who are supposed to be separate from his business). The post was titled “WP Engine is not WordPress” where in he called WP Engine “a cancer to WordPress”.

Rodrigo Ghedin released an article that called for Matt Mullenweg to step down from WordPress.org leadership. This seems fair IMHO as Matt (IMHO) appears to be suffering from a conflict of interests.

September 20th, 2024 – Matt shocks the audience at an event called WordCamp put on by the WordPress Foundation in which he talks about how private equity like SilverLake can ruin open source ecosystems. WP Engine is the title sponsor for the event at which Matt is using to harm the company’s reputation. Matt tells the audience to ditch WP Engine.

Timeline of WordPress and WP Engine Drama, Joe Youngblood

Matt Mullenweg goes too far (still September)

WordPress.org (probably Matt) blocks access to WordPress updates for WP Engine and all their customers. This prevents critical updates for a massive number of WordPress users who just so happen to be WP Engine customers.

All WP Engine employee accounts are blocked. This prevents updates to plugins used by millions of people.

Some interviews

Around this time, two YouTubers interview Matt Mullenweg to find out WTF? This interview, and this one. (This will matter later).

Legal action starts – October

WP Engine and WordPress exchange legal letters. This is where things start to get spicey like prime realty-TV. First WP Engine sends a cease and desist. Automattic (Matt Mullenweg’s WordPress company) fires one right back at them.

WordPress hosting service WP Engine on Monday sent a cease-and-desist letter to Automattic after Automattic’s CEO Matt Mullenweg called WP Engine a “cancer to WordPress” last week.

WP Engine sends cease-and-desist letter to Automattic over Mullenweg’s comments

The brouhaha in the WordPress community looks likely to escalate into a legal battle around trademarks.

Just a day after WordPress hosting service WP Engine sent a cease-and-desist notice to Automattic asking its CEO to stop publicly trashing WP Engine, now Automattic has sent its own cease-and-desist letter to WP Engine, saying the latter has infringed several trademarks like WordPress and WooCommerce.

Automattic sends WP Engine its own cease-and-desist over WordPress trademark infringement

Then this happened 9th October 2024

Users of WordPress.org are required to legally denounce a third party to use the site.

It gets worse – customer hijacking as WordPress breaches its own code of conduct – 12th October 2024

This is the day that WordPress.org hijacked the plugin Advanced Custom Fields which has over 2M active users and just so happens to be created and maintained by WP Engine. They “fork it” calling the new plugin Secure Custom Fileds but using the old AFC tag so all users (except on WP engine hosting) have an update pushed with minimal changes but all the commercial and upgrade calls to action ripped out.

The community strongly objects flooding the reviews page with one-star reviews and a lot of understandable anger. Rumours abound that the downvotes are being deleted.

The whole thing summerised

WordPress must win

Concerned parties have drafted an open letter calling for change.

The ongoing legal dispute within the WordPress FOSS (Free and Open Source Software) Project has cast a dark cloud over the community.

While both fighting parties claim to have the best interests of the project at heart, the escalating conflict is causing irreparable damage. Valuable time, resources, and trust are being squandered in this unnecessary battle.

We cannot stand idly by as the WordPress ecosystem suffers. It is time to demand a ceasefire and redirect the energy and resources invested in this legal conflict towards the betterment of the project itself.

WordPress Must Win – A Plea for Unity: Safeguarding the Future of WordPress

I filed an Incident Report with WordPress

I was required to legally denounce a company I know nothing about in order to log in to find out why the update chain of a plugin I used was hijacked and replaced with code I don’t trust.

I was indifferent to the whole drama up until this happened. Now I am frightened for what random things worpdress.org will do to my beloved websites in the future. I do not think that I can trust updates going forward.

The characteristics of this behaviour is indistinguishable from a hacking/spam attack not least of all because it breaches the rules regarding plugin forks, the free and open part of Open Source, is a violation of the spirit of the GNU GPL.

I have themes and plugins at various stages of being added to the official repositories but right now, I am strongly considering removing them all. I do not wish my good name to be associated with this toxic behaviour.

Additionally, there is no guarantee that I’m not next. That any plugin author is not next. Mr Mullenweg’s behaviour has undermined my trust in WordPress as a brand, as a product, and as an Open Source project. I see no way to repair this damage aside from a swift change of governance.

I believe this behaviour constitutes multiple breaches of the WordPress.org Community Code of Conduct.

Including but not limited to:

Expectations not met:

  • Being respectful of differing opinions, viewpoints, and experiences
  • Focusing on what is best not just for us as individuals, but for the overall community

Unacceptable behaviour

  • Insulting or derogatory comments, taunting or baiting, and personal or political attacks
  • Public or private harassment
  • Other conduct which could reasonably be considered inappropriate in a professional setting

“Retaliation against those who raise concerns or make reports in good faith will not be tolerated.” – Except that it is being tolerated.

The TOS should, if applied fairly, result in either a temporary ban for “A serious violation of community standards, including sustained inappropriate behavior” or a permanent ban for “Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.”

The new element for the login page is aggression toward or disparagement of a class of individuals.

If your community code of conduct means anything, you must take action.

I am grateful for this Reddit timeline which helped me get the details in the right order as did this blog post.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)