The WordPress community is in an uproar following a controversial move by Matt Mullenweg, CEO of Automattic (owner of WordPress.com) and a key figure behind WordPress.org. On October 12th, Mullenweg took an unprecedented step by forcibly replacing the popular Advanced Custom Fields (ACF) plugin and its listing on WordPress.org with a new “Secure Custom Fields” plugin. This action has sparked concerns about stability, trust, and the future of WordPress.
The ACF Controversy: What Happened?
The Advanced Custom Fields plugin, developed by the team at WP Engine, has been a staple in the WordPress ecosystem for over a decade. It allows users to easily create custom fields for posts, pages, and other content types. However, on October 12th, the official ACF plugin on WordPress.org was replaced with a new plugin called “Secure Custom Fields.” This new plugin, developed by Automattic, raised concerns within the community.
Concerns and Risks:
- Unstable Code: The “Secure Custom Fields” plugin is untested and unapproved by the original ACF development team. This raises questions about its stability and potential compatibility issues with existing websites using ACF.
- Loss of Trust: The forceful takeover of the ACF plugin and listing has shaken user confidence in the WordPress.org repository. Users worry about the future of other plugins and the potential for similar interventions.
- Fragmentation: This move could lead to a situation where users have to choose between the original ACF plugin and the Automattic version, potentially creating confusion and compatibility issues.
What Users Can Do:
- Managed Hosting Users: Users on platforms like WP Engine and Flywheel who are already using the paid version of ACF are not affected.
- Free ACF Users (Non-Managed Hosting): Download the genuine version 6.3.8 of ACF directly from advancedcustomfields.com to avoid updates with the unapproved code.
- Users with “Secure Custom Fields”: Follow the process above to switch back to the genuine ACF version.
If you’re just using WordPress for the blog section of your website built with UltimateWB, chances are you haven’t been using the ACF plugin, so no issues there. Actually, you could cut out all the controversies and instability of WordPress from affecting your website and opt to use the UltimateWB built-in Articles app instead.
The Future of WordPress.org:
This controversy raises questions about the future of WordPress.org. The open-source nature of the platform has been thought by many as a point of strength, but this incident highlights the potential for control struggles and conflicts. It remains to be seen how Automattic will address these concerns and rebuild trust with the community.
Additional Resources:
WP Engine Security Team Email:
Hi xxx,
We are reaching out promptly and directly to inform you of Matt Mullenweg’s (CEO of Automattic and owner of WordPress.org) unprecedented and appalling actions on Oct 12th to forcibly appropriate the Advanced Custom Fields (ACF) plugin and .org listing. The potential impact of Mr. Mullenweg’s improper action is that millions of existing installations of ACF will be updated with code that is unapproved and untrusted by the experts on the ACF team at WP Engine. We want to highlight how you can immediately reduce your exposure and risk now, and ensure you are using the genuine ACF. If your website is hosted on WP Engine or Flywheel or you are an ACF PRO customer – you are not impacted and do not need to take any action. You will continue to get the latest updates, securely from the experts on the ACF team.
If you have a website that is NOT managed on WP Engine or Flywheel AND are using the free version of ACF you must perform a one-time download of the 6.3.8 version via advancedcustomfields.com in order to get genuine ACF updates and remain safe in the future. After this one-time download you will be able to safely update as usual via the WP Admin panel.
If your site has already updated to the modified “Secure Custom Fields” plugin, you can also follow the process above to get back to a genuine version of ACF, and should not experience any loss of configuration or data doing so before there is further change to the ACF code.
The WordPress community has trusted ACF for over a decade and the expert stewards of ACF will continue to support and enhance the capabilities that our users love and trust. If you have any questions our technical support team is standing by to support you. On behalf of our entire team, we are grateful for the continued opportunity to serve your customers, your business and team.
For a more in-depth overview of what has happened with the free ACF plugin and WordPress.org, you can read this post here.
The WP Engine Security team
Advanced Custom Fields Website: https://www.advancedcustomfields.com/resources/
Are you ready to design & build your own website? Learn more about UltimateWB! We also offer web design packages if you would like your website designed and built for you.
Got a techy/website question? Whether it’s about UltimateWB or another website builder, web hosting, or other aspects of websites, just send in your question in the “Ask David!” form. We will email you when the answer is posted on the UltimateWB “Ask David!” section.