WordPress vs. WP Engine: The Title Fight Over Advanced Custom Fields

WordPress vs. WP Engine: The Title Fight Over Advanced Custom Fields

In early October 2024, the WordPress community witnessed a rare and controversial event: the takeover of the popular Advanced Custom Fields (ACF) plugin by WordPress.org. This action, spearheaded by Matt Mullenweg, founder of WordPress and Automattic, has ignited a fierce debate about the future of plugin management within the WordPress ecosystem. On the surface, the issue appears to be a simple matter of security, but beneath it lies a complex web of legal, financial, and philosophical disagreements between WordPress and WP Engine, the company behind ACF.

The WordPress.org Perspective

WordPress & Matt Mullenweg’s justification for the takeover centres around two main points: security and commercialisation. According to Mullenweg, ACF, as a plugin critical to many developers, was embedding commercial upsells that didn’t belong in a free, open-source ecosystem. Furthermore, he cited an unspecified security vulnerability as the tipping point that led to the creation of a new, stripped-down version of the plugin called Secure Custom Fields.

This move is framed as a way to protect WordPress users by keeping the plugin ecosystem free from what Mullenweg described as “unwanted commercial interests,” aligning with WordPress’s long-standing principles of open-source development.

Additionally, Mullenweg invoked point 18 of the plugin directory guidelines, which gives WordPress.org the authority to take over a plugin if it poses a risk. In this case, WordPress.org appears to be flexing its governance power, ensuring that critical tools like ACF remain secure and free from any third-party commercial influence.

The WP Engine Perspective

However, the ACF development team and WP Engine have not accepted this explanation quietly. They argue that the plugin was forcibly taken away without their consent, something that has never happened in WordPress’s 21-year history. WP Engine and ACF’s creators emphasised that the plugin was “under active development” and that the security issues could have been addressed without the need for a takeover. In their view, this move was not just about security but about control and legal disagreements between Automattic and WP Engine  .

The heart of the conflict stems from deeper tensions between the two companies, with Mullenweg accusing WP Engine of contributing little to the open-source community while benefiting commercially. WP Engine, on the other hand, sees this as a “hostile takeover” designed to undermine their business, cutting them off from managing updates through WordPress.org.

As a result of all of this, WP Engine has been urging its global and quite vast user-base to update ACF manually via their own platform.

A Divided Community

The fallout from this dispute has sent shockwaves through the WordPress community. For many developers, ACF has been a vital tool since its inception in 2007, offering extensive customisation options for websites, therefore being implemented on large-scale deployments of premium website implementations, not just through Wish a wordpress agency, but on a global scale.

Some users support WordPress.org’s actions, agreeing that ACF’s commercial productisation had become excessive, and that security should always come first. Others, however, see the move as an unprecedented overreach that sets a worrying precedent. If WordPress can seize control of a plugin as popular as ACF, many wonder what this means for the autonomy of other developers’ products – and in many cases, livelihoods.

What’s Next?

For users, the future of ACF remains uncertain. WordPress’s new Secure Custom Fields plugin strips out commercial features, but WP Engine is determined to continue developing ACF independently. This situation leaves many developers and website owners at a crossroads, needing to decide which version of the plugin they’ll trust moving forward.

The broader implications of this takeover will likely continue to unfold. Beyond technical considerations, the incident has exposed deeper philosophical divisions in the WordPress ecosystem over the balance between open-source values and commercial interests.

This saga highlights the tension between open-source ideals and commercial realities. Mullenweg and WordPress.org argue they are acting in the best interest of the community by prioritizing security and open-source values. WP Engine and ACF’s developers, however, see this as a violation of their rights and a dangerous precedent for the future of independent plugin developers.

As this conflict plays out, one thing is certain: the WordPress community will be watching closely, and the decisions made now could reshape the platform’s plugin ecosystem for years to come.

Will it be a WordPress KO? Or an ACF win on the judges score cards following a gruelling battle?

Have thoughts on the WordPress takeover? Let us know what you think in the comments below…