The Wordpress drama keeps getting worse

Respect the legacy of WordPress, but don't let ambition turn into sabotage; the open-source community deserves better.

I have nothing but the utmost respect for what you've built with WordPress. It's an incredible achievement, and you've been justly rewarded for that accomplishment. However, there is no need to squeeze the lemon that hard; it's undermining open source as a whole. I can't believe I'm opening a video with this, but I fully agree with DHH here: Matt's gone kind of mad, and that's not without people trying to hold him back. I've seen a lot of comments like, "Where are Matt's loved ones? Why is nobody trying to talk him out of what's going on here?" I have to say, it didn't work.

I want to break down everything that's been going on, what I tried to do, and where we're at now. But first, we need to cover how we got here. If you've kept up with the drama up until this point, there will be timestamps below so you can skip to the new stuff. However, I wanted to do a quick overview for those who haven't been keeping up because it's a little crazy.

The starting point of all this drama was when Matt, the CEO of WordPress.com, the creator of the original WordPress, and the guy who runs this company, Automattic, was upset with a brand named WP Engine. WP Engine is one of many places where you can host WordPress. They were acquired by the private equity firm Silver Lake and have been pushing to make things a little more profitable on the WP Engine side. They also haven't contributed a whole lot back to WordPress. There are important things that they help run, such as the ACF plugin (which stands for Advanced Custom Fields), the money they were putting into WP GraphQL, and the sponsorships of events like WordCamp. But as far as Matt was concerned, they weren't contributing enough.

If that was the point Matt was making and he did that in a calm way, I could see this having gone a very different direction. But that's not what happened. Matt went kind of mad. He somehow convinced himself that he was owed an 8% royalty fee for all the money that WP Engine makes, which is absurd. I did an interview with him about how absurd this was, and Primagen also did as well—great content, but I'm not expecting you guys to go watch that; it's two hours of absolute madness. In Matt's own words, things went nuclear.

He decided it was time to make WP Engine the worst possible platform, and he made it very clear he wanted to make WP Engine customers hurt. The first big thing he did was restrict WP Engine user access to wordpress.org, which is the system where you do plugins and updates to your WordPress stuff. It's one of the main reasons WordPress has finally gotten secure over the last few years. So taking that away from them is just destroying the potential security and path for updates on one of the most popular WordPress providers—all out of spite and jealousy. This is when the sentiment towards Matt started to plummet fast because it was clear he was willing to hurt not just WordPress users on WP Engine but the WordPress Community as a whole in order to further his goals of hurting WP Engine in every way he could.

And man, it spiraled since. It seems like this particular plugin, ACF, was a sore spot for him, which is why he made a public announcement that they'd found security issues with the plugin. He also made an interesting statement—see if I can find it here: "What are the best alternatives to Advanced Custom Fields for people who want to switch away? Is there an easy way to migrate? I suspect there are going to be millions of sites moving away from it in the coming weeks." This was an interesting threat, and it didn't go quite how he expected. In fact, things have spiraled quite a bit.

Here's where we get into the more modern news. There are a bunch of details I skipped from before; there are just too many details to keep track of all of them in one short, concise video. Sorry about that. The last update you got from me was when a second legal document was published by WP Engine in the form of a lawsuit towards Matt Mullenweg and Automattic for all of the terrible stuff they've done, including but not limited to Matt threatening the CEO of WP Engine, pretending to do an interview, and then threatening to go to the board of the company, saying that she was interviewing at other places. It's borderline extortion some of the things that have been going on here.

I still can't fathom that the same person I was talking to is doing all of this. I tried my hardest to talk him off these cliffs, but it just keeps getting worse. He announced that ACF had some severe security issues that they were going to responsibly disclose, even though they just want public talking about it. The issue is that at the same time, they put up the wonderful little login blocker—let me see if I can find it; I know I have it pinned somewhere here—they put up this wonderful blocker when you try to sign into wordpress.org that says that you are not affiliated with WP Engine in any way.

=> 00:04:11

When a legacy is dismantled by ego and spite, the community pays the price for the drama.

The situation surrounding the Advanced Custom Fields (ACF) plugin has escalated to a point that can only be described as borderline extortion. It is shocking to witness the same person I was previously discussing matters with engaging in such behavior. Despite my best efforts to talk him off these cliffs, the situation continues to deteriorate. Recently, he announced that ACF had some severe security issues that they intended to responsibly disclose, although it seems their true aim is to gain public attention.

At the same time, they implemented a login blocker on WordPress.org. When attempting to sign in, users are confronted with a message stating that they are not affiliated with WP Engine in any way, financially or otherwise. This requirement means that anyone associated with WP Engine, including those working on the ACF plugin, cannot access WordPress.org to update the plugin. This is already a significant issue. For context, I had a call with Matt the day before this announcement, during which I adamantly urged him not to proceed with this action. I warned him that the only outcome of adding this checkbox would be a massive dump on the sentiment towards him and WordPress, and unfortunately, I was entirely correct.

It is unbelievable that he chose to do this, believing it would yield any positive results. It appears he is willing to let his own reputation sink to the ground if it means dragging WP Engine down with him. In just a few days, 20 plus years of good sentiment have been destroyed because Matt cannot control himself. I know you are watching this, Matt. Why have you not responded to my last set of texts? Are you ashamed? You seem to be aware of the wrongness of your actions, and you need to stop—not just for yourself or your remaining employees, but for all the people in the community you built, who are now witnessing its destruction.

The situation continues to worsen. Someone recently posted that they can no longer contribute to WordPress because they have spent money on WP Engine. In response, someone from the official WordPress account replied in a manner that was clearly inappropriate. The thumbnail for this video is not clickbait; this actually happened. It is astonishing to see such unprofessional and community-destroying behavior unfold. You are dismantling a legacy that took decades to build, with the contributions of thousands of people, one tweet at a time.

Moreover, this does not even account for the individuals that the official WordPress account has blocked, including those who have made significant contributions, such as the API at wordpress.org. It is unfathomable. I have explicitly told Matt that he needs to stop posting from this account, stop blocking people, and cease his current actions. However, he has ignored all of my requests. His typical response is that there is a team running the account, and he cannot control all of them. But Matt, you are the boss, and you can intervene.

Things have fallen apart in a way that may never be recoverable. The official Advanced Custom Fields Twitter account recently stated, "We’ve been made aware that the Advanced Custom Fields plugin on the WordPress directory has been taken over by wordpress.org." This is unprecedented; a plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21-year history of WordPress.

The implications of this takeover are significant. The URL for the plugin now points to a version called Secure Custom Fields by wordpress.org. They have forked the plugin, made no actual changes, and republished it over the same slug. This means that any users who have previously installed Advanced Custom Fields through the WordPress update system will be automatically updated to a fork by wordpress.org that has no connection to the original ACF plugin by WP Engine. This action is entirely unprecedented in the history of open-source software. I have never witnessed a platform that hosts a plugin maliciously take over something that was being maintained properly and in good faith by its original authors, purely out of spite.

=> 00:07:48

The open-source community is facing a crisis as a major platform takes unprecedented and malicious control over a popular plugin, risking the integrity of collaborative software development.

The current situation surrounding the Secure Custom Fields plugin by WordPress.org has raised significant concerns within the open-source community. What they did is they forked the plugin, made no actual changes to it, and then republished it over the same slug. This means that any users who are using WordPress.org as their update system and have previously installed Advanced Custom Fields will be automatically updated to a fork by WordPress.org that has nothing to do with the original Advanced Custom Fields plugin by WP Engine. This action is actually unprecedented in the history of open-source software. I have never seen a platform that hosts a plugin maliciously take over something that was being maintained properly and in good faith by its original authors purely out of spite. This is unfathomable, and I am far from the only person saying this; it is basically universally agreed that this was an absolute sh*tshow.

Here’s a noteworthy comment from an ex-employee of Automatic: "I worked at Automatic for 5 years with some of the smartest and kindest people I've ever met, many I still consider friends. But this latest action from Matt is so dirty and underhanded that I'm ashamed I ever worked there. I would have taken the offer to leave 100%." This sentiment reflects the growing discontent within the community. A Slack message from Matt regarding the fork received 161 downvotes, and almost nobody is supporting him at this point. He has gone absolutely mad.

Steve from the JavaScript community initially believed that WordPress was in the right regarding this conflict but has since changed his stance. He stated, "I was always iffy; it seemed to me like Matt was having a bit of a meltdown, but this is just unbelievable." DHH, who has a reputation for being reasonable, also weighed in. He remarked, "Matt, don't turn into a Mad King. I hold your work on WordPress in the highest esteem and recognize the temptation of grievances, but that must remain a moral critique, not a commercial crusade." This perspective resonates with many, as the situation unfolds.

DHH further expressed concern about the implications of this action, stating, "This is totally crazy. If the operators of RubyGems.org just decided to expropriate the official Ruby gems, hand over control to a new team, and lock the core team out of it, we are in uncharted and dangerous territory for open source now." This sentiment underscores the potential massive danger to the entire open-source community. If this becomes the norm, it could set a precedent for other open-source providers to follow suit. For instance, imagine if npm took a popular package like Express and published their own fork under the same tag, effectively locking users out of the original. Such actions should be deemed illegal.

The most astonishing part is that they continue to defend themselves as though they are right about it. They claimed that this has happened in the past, but the example they provided was a plugin that had been entirely abandoned. DHH humorously pointed out, "Who blocked the plugin author?" This raises questions about the legitimacy of WordPress's actions. It appears that Matt is the primary actor in this situation, repeatedly putting himself in a bad position and then overreacting to the consequences.

This pattern began when he blasted WP Engine for no reason, leading to their public statement urging him to stop. In response, Matt took the worst possible action by blocking their access to WordPress.org, claiming they put him in that position. No, Matt, you put yourself in this position. You keep digging the goddamn hole. I offered to help you dig out of it; you have my number, and you've called me about these things. Yet, you still do it. The next time you call me and say you're going to do something dumb, I will tell you it's dumb, and if you do it anyway, it's over.

It would be ignorant of me to think I'm the only person in your life telling you these things. Either I'm the only one speaking up, and you've surrounded yourself with yes-men, or you're ignoring everyone else with better judgment. So here's to you, Matt. This is your opportunity—your last chance. Many probably aren't even giving you this chance. In fact, look at the comment section; I'm sure no one else is, but I will. You get one more chance. You need to put out a big formal apology, shut the f* up, and wait it out. You've done too much damage. Any further calls that are in the form of anything other than an apology will only hurt the community you have spent over 20 years building. If you're okay with watching them burn because you're on this stupid crusade, then have at it, Matt. I'm done.