Issue #500
Matt Takes Over ACF + Is WordPress Future Threatened?
Well, we made it through Hurricane Milton. And so did our house.
The neighborhood looked like a warzone. Trees down everywhere. Even our own property had one of our largest oak trees go down and we were incredibly lucky that it didn’t fall on the house.
The morning after, though, we went to work. I spent 3 days working to clean yards, clear the roads, attend to our own home without power, help neighbors. Never spent this much time on a chainsaw until now.
Unfortunately, we had several neighbors end up with trees on their home, including an older lady across the street who lives alone and takes care of her 93-year old mother. And they had a large oak tree collapse the roof of their 2 rear bedrooms. They’re completely fine and in good spirits, but definitely a mess.
Overall, though, everybody has been in good spirits. Neighbor helping neighbor. People checking on each other. Helping each other. Kids suddenly outside playing again because their gaming PCs didn’t work. š
We’ve got our power back now and, other than a huge downed oak in our backyard and tree parts everywhere waiting to be hauled away, things get back to normal.
As you might imagine, last week was a wash in terms of getting much work done. Writing last week’s newsletter was practically the only thing I did all week, outside of answering some emails. So, got a lot to catch up on here.
And, as I tuned back into things when I could, I saw that Matt Mullenweg (founder of WordPress) was on a continued quest to “stick it” to WPEngine. And boy did he do a doosie on this one. š¤Ŗ
Oh, and I just noticed…. issue #500! Man, I should probably have planned something interesting to mark the 500th issue. But, been too busy not getting blown away down here. š
But, let’s dive in…
In This Issue…
Matt To ACF: Get Forked
As you may remember, Matt Mullenweg (founder of WordPress) has been at war with Silver Lake (the firm behind WP Engine). It has been a war of words as well as legal filings. I’ve talked about that in previous issues – Issue #497 and Issue #498.
But, it was escalated yet again by Matt. And frankly, this is pretty sketchy and I don’t see how it could be looked at any other way.
Advanced Custom Fields (ACF) is the most popular custom field plugin in the WordPress space. And it was acquired and was being developed by WP Engine. Which means…. Matt hates it. š¤”
It started with Matt cutting off WP Engine customers from being able to access plugin updates. He also blocked the WP Engine team from being able to even log into their accounts at WordPress.org to take care of plugin updates.
After blocking them from being able to fix anything, Matt comes out and declares a security issue with Advanced Custom Fields. Frankly, almost seemed as if he was lying because the timing was suspicious as all get out. They’ve never before (that I recall) outted a plugin security issue so publicly, but this time do so after he makes it such that they couldn’t even fix it if they tried.
Well, over this last weekend, things got crazier. Because now Matt has basically forked Advanced Custom Fields (ACF) into an entirely new plugin he’s calling…. Secure Custom Fields.
Well, he calls it a “fork”. A “fork” is when you create a new piece of software based on another one. But, this isn’t a fork. Instead, it was a hostile takeover.
Same exact listing in the WordPress.org repository. Same reviews. Same download count. Now just taken over with a different name as if WordPress.org now officially is the creator of this plugin that so many people use.
The excuse here is to fix a security issue. What anybody paying attention sees, though, is that the ACF folks dutifully fixed it like would always happen, but Matt is BLOCKING them from issuing the update! And now, he’s basically stolen the software.
You can read ACF’s response to Matt here on their blog.
Honestly, I find this action pretty disheartening and it is hard not to see Matt as having lost his ever-loving mind. It is just sad to watch. But, the question is… where does this leave us? Will this affect anything for those of us who use ACF?
In my personal opinion, I would not use Secure Custom Fields. While the functionality may remain, we don’t know how it will be maintained because it has no track record. And the track record it APPEARS to have isn’t from them. They stole the listing.
If you are using the free version of Advanced Custom Fields, I would ensure you are using the latest version directly from their website. You will need to do a one-time manual update of the plugin then, from there on, updates will be automatic just like normal because it will bypass WordPress.org. If you have any difficulity doing that, just reach out and I can help you even if you’re not a client now. Just ask.
If you are using the PRO version, none of this impacts you anyway.
If you are a Concierge client who happens to be using the free version of ACF, reach out right away and I will upgrade you to PRO.
But, I would not recommend you use “Secure” Custom Fields.
WordPress Quick Bits
Wanna Keep Up With Matt’s Antics? Somebody set up BullenWeg.com, where you can follow the whole timeline of this WordPress drama. As it says, “Every time Matt Mullenweg has lied, misrepresented or behaved in a questionable manner.”
WP Fusion Sends C&D To Automattic. Love this one. Jack, from WP Fusion, has sent a cease & desist letter to Automattic for trademark infringement of WP Fusion Lite on WordPress.com. And this is a SOLID point, right here. Because, WordPress.com mirrored the entire repository to their commercial site and then positioned all of the plugins as benefits of their commercial offer. Can’t help but give Jack a slow clap on this one. Right on!
EchoDash Tease. Jack (from WP Fusion) is also involved in an upcoming new product called EchoDash. This is a centralized dashboard where you can view activity from sources such as Stripe, WooCommerce, Calendly, etc. I know it will expand over time, too. Could be a useful tool in the future.
ConvertKit Becomes Kit. This will take some getting used to, but ConvertKit is now going to be known simply as…. Kit. You can check out their announcement here. They’re now positioning themselves as “the email-first operating system for creators”. I like the re-branding, but yeah… I need to re-train my brain here. š
Brands Becomes Part of WooCommerce. The Brands functionality which was formerly a premium plugin for WooCommerce s now going to be folded into the WooCommerce core product in the 9.4 release. You can read about it here. Oh, and BTW, the release date for WooCommerce 9.4 was delayed to November 4.
TutorLMS 3.0 Beta 3. The third beta release of the upcoming TutorLMS is out. New in this version is tax management, password-protected courses, certificate control for subscription plans, Stripe integration and several fixes. You can read more about the whole TutorLMS 3.0 Beta here.
User Avatars In CSS. A new plugin called Leafio Letter Avatar was released that can create user avatars on the fly using the first letters of the user’s name and do so entirely in CSS. Could be useful for communities or sites with comments on where users may not have actual avatars in place from Gravatar.
SureCart surpasses Easy Digital Downloads. Adam Preiser posted on X that SureCart has officially surpassed EDD as the #2 most popular ecommerce plugin for WordPress. Well done to the SureCart team! And also… another popular plugin (EDD) sinking after Awesome Motive bought it. EDD and Thrive Themes can hang out down there. š
Matt Gets Even Pettier. He changed the login screen to WordPress.org to include a checkbox to attest that you’re not part of WP Engine. Look for yourself. What a hoot.
Fixing the performance of your website is often confusing. Lots of jargon. Lots of adviceā¦ most of it confusing. And truth is, it is a pretty holistic thing to tackle. You need to have a “big picture” understanding of what’s going on. You can’t just install a plugin and be done with it.
When you book WP Speed Fix, we’ll fix up your site’s performance scores. And we’ll do it together. I have the experience and all of the tools. And we’ll get it done.
Is The Future Of WordPress Threatened?
This whole tantrum by Matt on WP Engine has some folks out there being dramatic and acting as if the entire future of WordPress is in jeopardy. I’d like to say a few words about that here.
The short story is… WordPress will be just fine. And you using WordPress will be just fine.
I’ve seen agency owners questioning their futures using WordPress for their clients, but I find that argument to be stupid. Smart agencies don’t offer WordPress. They offer SUPPORT. And none of that changes.
Heck, my Concierge services are based around WordPress, too. But, ultimately, I am in the client care business. Literally, nothing changes.
In the end, WordPress is the most flexible and free website platform that exists. Ultimately, it is SO free that the marketplace can devise any workaround or new solution that is ever required. New plugin repositories, new plugins… and heck, even entire forks of WordPress itself if it ever came to that.
Plus, let’s not ever forget that when you self-host WordPress, you own and control that code. Your site is forever your’s.
So, are these people acting as if WordPress is threatened going to then make an argument to go over to something like WebFlow? Or Wix?
Would you be better off in some commercial, proprietary wall-garden where you don’t really control anything? Of course not!
Would you be better off in Drupal or some other open source platform? No. There’s a REASON hardly anybody uses Drupal. š
So, no, you’re perfectly safe using WordPress. The landscape may change, but the platform will long be the best platform.
How will all of this ultimately play out? Frankly, I don’t know. But, the WordPress ecosystem will forever change in some way from all this. But, that doesn’t mean it will be a bad thing.
Maybe Matt’s role will end up being diminished, which would probably be a good thing at this point.
Maybe we’ll get clearer governance of WordPress core, with more decentralization. That would be a good thing.
Maybe we’ll see a fork of WordPress itself. It is hard to know, at this point. But, even that isn’t necessarily a bad thing. In fact, I could see some real good coming from it. And competition is never a bad thing. Actually, there are already WordPress forks out there, but didn’t really go anywhere. For one to really make a dent, it would need to have solid backing.
Remember, we’re here using WordPress as a platform. And this is not a platform lock-in like would happen if you were on some proprietary system. Even if the platform you’re using wasn’t even called WordPress anymore… it would still work.
So, I’ll continue to watch this nerd drama unfold. And I’ll let you know if anything happens that is relevant to you.
But, am I worried about the WordPress platform or your security while using it to power your business? Not even remotely.