AutomatticBusinessTechWordPress

WordPress.org forks WP Engine’s ACF plugin into Secure Custom Fields

WordPress.org has forked WP Engine’s Advanced Custom Fields plugin. Here’s everything you need to know about the change.

By
Shubham Sawarkar
Shubham Sawarkar's avatar
ByShubham Sawarkar
Editor-in-Chief
I’m a tech enthusiast who loves exploring gadgets, trends, and innovations. With certifications in CISCO Routing & Switching and Windows Server Administration, I bring a sharp...
Follow:
- Editor-in-Chief
We may get a commission from retail offers. Learn more
A black and white photograph shows Matt Mullenweg, co-founder of WordPress and founder of Automattic leaning against a textured stone wall. The person's face is obscured by a blur, making it unrecognizable. The individual is wearing a dark coat with a zipper and a hood, layered over a collared shirt. The background is slightly out of focus, suggesting an outdoor setting with additional stone structures. The image captures a casual, candid moment.
Photo by Christopher Michel

Things are getting heated in the world of WordPress! In a surprising move, WordPress.org, the official home of the popular content management system (CMS), has taken control of a plugin previously offered by its competitor, WP Engine.

This all started on October 12th when Matt Mullenweg, co-founder of WordPress and CEO of Automattic (the company behind WordPress.org), announced a “minimal update” to a popular plugin called Advanced Custom Fields (ACF). The twist? This update was actually a “fork” – a new version of the plugin created by WordPress.org, now called “Secure Custom Fields.”

Mullenweg claims this move was necessary to address a security issue with the original ACF plugin and to remove “commercial upsells” – likely referring to features only available in WP Engine‘s paid version. However, he remains tight-lipped about the specifics of the security problem.

This unprecedented action has sparked outrage from WP Engine. They argue that WordPress.org overstepped its bounds by essentially hijacking its plugin without their consent. This situation gets even more complicated when you consider that point 18 of the WordPress plugin directory guidelines (cited by Mullenweg) gives the WordPress team the right to remove or alter plugins in certain situations.

While forking plugins isn’t unheard of, it’s usually done collaboratively or as a last resort. In this case, it seems to be a direct consequence of the ongoing legal battle between WP Engine and Automattic.

Here’s what this all means for you, the WordPress user:

  • Confusion: There are now two versions of the ACF plugin floating around – “Secure Custom Fields” offered by WordPress.org and the original ACF from WP Engine. If you’re already using ACF, you might be unsure which version you have and how to update.
  • Security: While Mullenweg claims a security risk, details are scarce. This could be a genuine concern, or it could be a way to justify taking control of the plugin.
  • Choice: If you’re a free user of ACF, you now have a choice between the new version from WordPress.org and the original from WP Engine. However, keeping up with updates on the original ACF might be more cumbersome.

What to do?

  • Follow reliable WordPress news sources to stay updated on the situation.
  • See which version of ACF you’re currently using and research the differences between the two versions.
  • Do you prioritize security updates and potential feature changes from WordPress.org? Or are you comfortable with the original ACF and potentially taking some extra steps to update it?

This feud between WordPress.org and WP Engine is a significant development in the WordPress ecosystem. It remains to be seen how this plays out and what long-term implications it might have for both users and developers. Remember, staying informed and making conscious choices about your plugins is crucial in this evolving situation.

Discover more from GadgetBond

Subscribe to get the latest posts sent to your email.

Most Popular
Also Read