The fight between WordPress founder Matt Mullenweg and hosting provider WP Engine continues to escalate, with Mullenweg announcing that WordPress is “forking” a plugin developed by WP Engine.
Specifically, it’s Advanced Custom Fields—the plugin helping make WordPress editing easier—and is going from the hands of those at WP Engine to come out as a new plugin under the name Secure Custom Fields.
Read Also: UAE-based Web3 gaming startup PiP World lands $10 million in seed funding
This was because “we had to remove commercial upsells and fix a security problem,” Mullenweg said.
The Advanced Custom Fields team responded on X, where they described this as a situation where a plugin “under active development” has been “unilaterally and forcibly taken away from its creator without consent,” which said has never happened “in the 21 year history of WordPress.”.
“This core promise of the community was breached, and we appeal to everyone to consider the ethics of such action, and the new precedent set,” the ACF team wrote.
Read Also: Meta’s Yann LeCun says fears about AI’s existential threat are complete B.S.’
Both Mullenweg’s post on a blog and reply from WordPress claim that such situations have indeed happened in the past, though Mullenweg further added: “This is a rare and exceptional situation caused by WP Engine’s legal attacks, we do not expect this to happen for other plugins”.
They also cited WordPress’s plugin guidelines, which grant WordPress the right to disable or remove any plugin, revoke developer access, or alter a plugin “without developer consent, in the name of public safety.”
Read Also: Google Play’s Judgement Day – Does it matter?
Some background: WordPress is a free, open-source content management system used by many websites (including TechCrunch), while companies like WP Engine and Mullenweg’s Automattic offer hosting and other commercial services on top.
Last month, Mullenweg posted a tirade against WP Engine as a “cancer to WordPress.” The criticisms ranged from WP Engine’s lack of support for revision history to the investor behind it, Silver Lake. Still, he also made it plain that its “WP” branding gives the impression it is officially affiliated with WordPress.
Cease-and-desist letters have flown in both directions: WP Engine claimed Mullenweg threatened to take a “scorched earth nuclear approach” unless the company paid to license the WordPress trademark.
Read Also: Watch Out For This Gmail Scam That Could Easily Fool You
WordPress blocked WP Engine from accessing WordPress.org, then reversed the block before reimposing it. That effectively bars WP Engine from updating the plugin through WordPress.org. It, therefore, cannot have automatic updates that patch security problems.
However, WP Engine has published a patch workaround for those who wish to upgrade the plugin and allow them to use ACF. It states that only free version users need the workaround since pro users will receive updates via the ACF website.
Read Also: Google Gemini can finally make images again —here’s how to use it for free
In a summary of the release, Mullenweg said that Secure Custom Fields will be released as a free, non-commercial plugin: “If any developers want to get involved in maintaining and improving it, please get in touch.”