WordPress vs WP Engine, the 2024 controversy explained
The world's most used CMS, WordPress, is at the heart of a heated controversy. What is the drama all about?
The core of this dispute is between WordPress.org founder, Automattic CEO and owner of WordPress.com, Matt Mullenweg and the WordPress hosting company WP Engine.
About WordPress
WordPress software is a free and open source Content Management System (CMS), you can set up a WordPress site in your own hosting environment or you can purchase a pre-configured WordPress hosting like WP Engine or WordPress.com. WordPress dominates the website market being used on 43% of the websites online, with an estimated 38,000,000 live WordPress websites in 2024. WordPress is reported to have 63% of the market share for Content Management Systems overall, with Shopify coming in second at 6.2%.
Who are the major players?
- WordPress.com - A managed hosting company with hosting specifically designed for WordPress and maintaining core, plugin and theme updates. Creator and maintainer of the highly used WP plugins, Jetpack, WooComerce and Akismet. They are owned by Automattic.
- Automattic Inc - Company that owns WordPress.com. Matt Mullenweg is the CEO of Automattic.
- Matt Mullenweg - CEO of Automattic, Owner of WordPress.org. Co-Founder of WordPress.
- WordPress/WordPress.org - Released in 2003, WordPress is an open source content management system. The WordPress.org code repository is owned by Matt Mullenweg.
- WP Engine - A managed hosting company with hosting specifically designed for WordPress and maintaining core, plugin, and theme updates. Maintains a highly used WordPress plugin called Advanced Custom Fields (ACF). They are majority owned by Silver Lake.
- Silver Lake - Private equity firm with the majority stake in WP Engine.
What is the Dispute?
On Sept 21, 2024 Matt Mullenweg wrote a blog post on WordPress.org calling WP Engine “a cancer to WordPress.” He criticized their branding for using the WordPress abbreviation WP, claiming they were profiting off of the WordPress.org branding without trademark licensing. He further criticized Silver Lake, the private equity firm that is the majority investor for WP Engine, for not contributing enough to the open source WordPress.org project. He also calls out WP Engine for removing the revisions functionality of posts. WordPress revisions allow the user to roll back the content changes made in a post to a previous version if a mistake was made in the live version. WP Engine hosted sites have the revision functionality removed. Mullenweg claims WP Engine does this to save money by not having to store the revision history in the database and by doing this they are disrupting the very core of what WordPress was created for.
“It strikes to the very heart of what WordPress does, and they shatter it, the integrity of your content. If you make a mistake, you have no way to get your content back, breaking the core promise of what WordPress does, which is manage and protect your content.” Mullenweg states in his blog post.
He accuses them of “strip mining” the WordPress ecosystem by disabling features such as this and giving users a “crappier” experience so WP Engine can make more money.
In response to this blog post, on Sept 23rd, WP Engine sent a cease-and-desist letter to Mullenweg and Automattic asking them to retract their statements and stating that its use of the WP abbreviation was considered Fair Use. They claim in their letter that Mullenweg threatened that “he was going to embark on a self-described “scorched earth nuclear approach” toward WP Engine within the WordPress community” if they (WP Engine) did not pay “a significant percentage of its revenues for a license to the WordPress trademark” to his company Automattic before his keynote speech at WordCamp US Convention on Sept 20th. They claim leading up to the Sept 20th keynote Mullenweg repeatedly harassed WP Engine board members and CEO threatening to go “nuclear” if they did not pay up.
WP Engine also defends itself against the accusations made in Mullenweg’s blog post stating that they do contribute to many open source and non-profit projects and their contributions are not just limited to WordPress.org. They also point out that according to WordPress themselves, WP abbreviation is not part of the trademark and free for use, quoting the trademark page on WordPress.org:
“The abbreviation ‘WP’ is not covered by the WordPress trademarks and you are free to use it in any way you see fit.”
In apparent retaliation, on Sept 25, Mullenweg banned WP Engine from accessing the WordPress.org resources, blocking the service WP Engine uses to fetch updates for plugins and themes. This broke updating of plugins and themes for all WP Engine customers, leaving many sites unable to apply security updates. The wider WordPress community was very upset with this move of leaving small websites helpless and unable to update due to this dispute between major players in the industry.
WordPress.org site also updated the content on the trademark statement page, clarifying their stance on the use of the WP abbreviation:
“The abbreviation ‘WP’ is not covered by the WordPress trademarks, but please don’t use it in a way that confuses people. For example, many people think WP Engine is ‘WordPress Engine’ and officially associated with WordPress, which it’s not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress,” the updated page reads.
WP Engine responded by accusing Matt Mullenweg of abusing his control on WordPress.org to interfere with their customers' access to WordPress.org resources.
“Matt Mullenweg’s unprecedented and unwarranted action interferes with the normal operation of the entire WordPress ecosystem, impacting not just WP Engine and our customers, but all WordPress plugin developers and open source users who depend on WP Engine tools like ACF (Advanced Custom Fields),” WP Engine said.
On Sept 27, the ban was temporarily lifted with Mullenweg blaming Silver Lake and writing, “[WP Engine users] have been negatively impacted by Silver Lake‘s commercial decisions”. He stated in a blog post on WordPress.org the ban would be lifted until Oct 1st, and added, “Hopefully this helps them spin up their mirrors of all of WordPress.org’s resources that they were using for free while not paying, and making legal threats against us.”
On Sept 30, one day before the WP Engine ban from WordPress.org resources was to be reinstated, WP Engine updated their footer to clarify that, although they are a proud supporter and member of the WordPress community, they are not directly affiliated with WordPress or WooCommerce. They also changed the names of the subscription plans from “Essential WordPress,” “Core WordPress,” and “Enterprise WordPress” to “Essential,” “Core,” and “Enterprise.” They explained in a statement that this change in terms was done to silence Automattic’s trademark violation claims.
On Oct 1, WP Engine reported it has deployed its own solution to updating plugins and themes. This would allow them to provide plugin and theme updates without using the services that WordPress.org had restricted from them.
On Oct 3rd, Mullenweg added a new checkbox to the WordPress.org contributor login, asking people to verify that they are not associated with WP Engine in any way. This move was criticized by the contributor community. Some contributors said that they were banned from the community Slack for opposing the move.
That same day, WP Engine sued Automattic and Mullenweg over abuse of power in an California court, the lawsuit alleges that Automattic and Mullenweg didn’t keep their promises to run WordPress open source projects without any constraints and giving developers the freedom to build, run, modify, and redistribute the software.
This dispute has embroiled the WordPress community and many employees of Automattic disagree with Mullenweg’s handling of the situation. On Oct 3, 159 (roughly 8.4% of staff) employees left Automattic accepting a severance package of $30,000 or six months of salary, whichever is higher, but the employees who took it would not be eligible to be re-hired by Automattic. The majority of the people who left worked in the Automattic’s Ecosystem / WordPress division.
On Oct 12th, WordPress.org took control of a very popular plugin called Advanced Custom Fields (ACF), this plugin is used by many developers to add and manage custom content fields in the WordPress CMS. WordPress took control of ACF and forked it, citing developer guidelines, which gives them control to change a plug-in “without developer consent, in the name of public safety.” WordPress used the fork to create its own version of ACF called Secure Custom Fields, claiming this new fork was to “remove commercial upsells and fix a security problem.”
Up until now the open source plugin repository for ACF was maintained by WP Engine. With the loss of access, WP Engine is no longer able to make any updates to this plugin.
The Advanced Custom Fields team responded on X (Twitter), describing this as a situation where a plug-in “under active development” has been “unilaterally and forcibly taken away from its creator without consent,” which it said has never happened “in the 21 year history of WordPress.”
WordPress.org and Mullenweg fired back that WordPress taking jurisdiction over a plugin has happened before but did not cite any examples. They further expanded on the security claim by saying “Their [ACF] code is currently insecure, and it is a dereliction of their duty to customers for them to tell people to avoid Secure Custom Fields until they fix their vulnerability. We have also notified them of this privately, but they did not respond.”
On October 18, WP Engine filed an injunction in a California court against Matt Mullenweg, owner of WordPress.org, and Automattic to restore full access for the WP Engine to the WordPress.org repository. The hearing has been set for Nov 26th.
At the TechCrunch Disrupt conference on Oct 30th, Mullenweg took the stage and said he is not worried about the recent legal dispute between WordPress and WP Engine and suggested it may lead to a fork in the WordPress software, which he would welcome. He also alluded to the possibility that WP Engine already secretly forked the WordPress software as the version WP Engine runs is “very, very different” from what the WordPress core is today.
He followed this up saying that in the next few weeks, WP Engine will lose more than 8% of their business. Notably, Mullenweg had asked WP Engine to pay 8% of their revenue as a licensing fee for the WordPress trademark in September.
On Nov 7, in what to many seems a petty act of mockery, Automattic launched a site dedicated to tracking how many people have left WP Engine since Sep 21, 2024. The site is called WordPressEngineTracker, an interesting domain choice given the crux of the dispute is Mullenweg claiming WP Engine misused the WordPress trademark tricking people into thinking WP Engine is affiliated with Wordpress.
It also appears that Automattic is reaching out to agencies and offering a commission of $100 per site up to $10,000, for any sites they migrate from WP Engine to Pressible (a WordPress hosting company owned by Automattic) . They are calling this new outreach “Automattic for Agencies.”
This dispute is still ongoing and WebSight Design will do their best to keep you updated on the latest in the web landscape and what items might affect you.
What about my WordPress site?
If you are one of the WordPress sites using WordPress Managed Hosting by WebSight Design, your update schedule and site security is being actively managed and updated by our team here at WSD.
If you are hosted with WP Engine, you have probably seen a loss of access to updates or other features WP Engine used that were previously provided by WordPress.org. WP Engine says they are aware of how these disruptions have been affecting their customers and are dedicated to security and stability for all their partners and customers. Currently WP Engine sites are set up to update from WP Engine now instead of WordPress.org.
If you are not hosted with WSD or with WP Engine and you are using the free version of the ACF plugin, you will need to either migrate to the Secure Custom Fields plugin that is published by WordPress or you will need to go directly to Advanced Custom Fields website and download the newest plugin version from them that will link the ACF plugin updates to the WP Engine repoistory. Once you manaully update the plugin with this new version, you can contiune updates as normal from your WordPress CMS.
