A Fork or a Takeover? Inside WordPress.org's Controversial Move on ACF
The WordPress community has recently been stirred by a significant development: the fork of the Advanced Custom Fields (ACF) plugin by WordPress.org. This controversy comes amidst an already tense climate between WordPress and WP Engine, raising further concerns about open-source governance and power dynamics within the ecosystem. The forced takeover of Advanced Custom Fields (ACF) has added fuel to the fire, leaving the community divided on the ethical implications of this move.
What Happened? The Forcible Takeover of ACF
On October 12th, 2024, the ACF plugin, which has over 2 million active installations, was forked by WordPress.org. The decision, led by Matt Mullenweg, CEO of Automattic, was justified under point 18 of the Plugin Directory guidelines, allowing WordPress to take control of plugins to ensure user safety and plugin quality.
Tweet by WordPress.org :
"Invoking point 18 of the plugin directory guidelines, we are introducing Secure Custom Fields (SCF), a free fork and drop-in replacement of the Advanced Custom Fields (ACF) plugin. You can safely uninstall ACF and activate SCF from the #WordPress plugin directory."
The SCF fork has sparked debate within the community, with many questioning the ethics of WordPress taking over an existing plugin with a large user base and using the same slug, reviews, and install count.
This action came as a shock to the ACF team, which has been actively developing the plugin for over a decade. The team, now part of WP Engine, has expressed their disappointment, calling the move a violation of the open-source principles that have guided the WordPress community for over 21 years.
Tweet by Advanced Custom Fields :
"We have been made aware that the Advanced Custom Fields plugin on the WordPress directory has been taken over by WordPress dot org. A plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21 year history of WordPress."
ACF's creators argue that the move was unnecessary and harmful, pointing out that they have made over 15 updates to the plugin in the last two years, adding significant functionality and maintaining security.
WordPress.org’s Justification for Secure Custom Fields (SCF)
Amidst growing criticism over the forced takeover of Advanced Custom Fields (ACF), WordPress.org justified its decision of introducing Secure Custom Fields (SCF), a non-commercial fork of ACF. The fork removed commercial upsells and addressed what WordPress.org described as a security risk posed by the original plugin. SCF is now positioned as a replacement for ACF, with sites relying on the WordPress auto-update system automatically switched to the new plugin. WordPress.org argued that the move was in the best interest of the community, prioritizing user safety and plugin quality.Tweet by WordPress.org :
"This has happened several times before, and in line with the guidelines you agreed to by being in the directory. Best of luck with your version. We're looking forward to making ours amazing for our users, using the best GPL code available."
Community Reactions: Divided Over the Takeover
The WordPress community has been divided in its response to this takeover. While some users appreciate the security concerns addressed by WordPress.org, others feel that the move undermines trust in the open-source ecosystem.
- One user expressed frustration:
"They call it a fork while taking over:
1) ACF’s slug on WP org
2) the 2+ million installs
3) customer reviews
It’s not a fork. It’s a forceful takeover." - Another long-time user commented:
"This is very upsetting and not a good look for WordPress. We build enterprise level sites powered by ACF. This is causing concerns with our clients and making them question if WordPress is the right fit. You're damaging the brand. This feud needs to stop." - Another developer questioned the fairness :
"My consciousness cannot fully put up with this. Couldn’t it be better if the fork was a totally brand new plugin? Separate URL, without taking ACF’s reviews and ratings? What loss does it bring to the @WordPress community?"
Other users raised concerns about the precedent this sets for other commercial plugin developers who rely on WordPress.org for distribution. Some fear that this move signals a shift in how WordPress.org will handle plugins developed by third parties, potentially leading to more forceful takeovers in the future.
- An experienced WordPress user raised concerns about trust:
"I’ll continue to use ACF Pro. @photomatt is undermining the entire system of trust in the plugin repository and deployment system. Is any commercial plugin developer safe now?"
ACF’s Response: Protecting Their Users
In response, the ACF team has reassured their users, particularly those on WP Engine, Flywheel, and ACF Pro, that they will continue to receive updates directly from the ACF team. For users of the free version of ACF hosted elsewhere, the team has provided a one-time download link to version 6.3.8, which will ensure that they continue receiving updates directly from ACF.
Tweet by Advanced Custom Fields:
"Our ACF plugin has been taken over forcibly by WordPress.org without our consent. If you are a WP Engine, Flywheel, or ACF PRO customer, you do not need to take any action and will continue to get the latest from the ACF team."
The ACF team has criticized WordPress for acting without consent and undermining the open-source principles that have guided the community for years. They have encouraged users to stick with the official ACF version, highlighting that WordPress.org no longer controls the code or updates of their plugin.
Implications for the WordPress Ecosystem
This incident has raised important questions about the future of open-source governance in WordPress. While WordPress.org has defended its actions as necessary for security and user safety, critics argue that this move could undermine trust in the plugin repository and damage relationships with developers.
Some fear that if WordPress.org continues to invoke its right to take control of popular plugins, it could create a chilling effect, discouraging third-party developers from contributing to the ecosystem. As the WordPress community continues to process this unprecedented move, it remains to be seen whether this will lead to broader changes in how plugins are managed and distributed in the future.
Looking Ahead
As the conflict between WordPress.org and WP Engine escalates, with ACF caught in crossfire, the implications for the WordPress ecosystem will continue to unfold. This controversy raises important questions about the governance of open-source platforms, the balance of power between plugin developers and WordPress, and the future of commercial plugins in the directory. The community will be closely watching how this dispute evolves, and whether it sets a new precedent for plugin management within the WordPress platform.
Related Articles
Automattic’s Alignment Offer: A Strategic Response to Internal Disagreement.
WP Engine’s Ban from WordPress.org: Temporary Reprieve, Community Reactions and Solution Deployment.
WP Engine’s Ban from WordPress.org: What It Means for Users and the Ecosystem .
The WordPress-WP Engine Clash: A Deep Dive into Open-Source Tensions and Trademark Disputes.
The Power of Ecosystem Thinking: How WordPress Thrives Amid Corporate Interests.