The recent clash between Automattic and WP Engine has taken a new turn with the introduction of a plugin titled “Secure Custom Fields.” This plugin has made its debut in the WordPress Plugin Repository and has already garnered over 90 active installations. It replicates many features of the popular Advanced Custom Fields (ACF) Pro plugin, including elements like repeater fields, flexible content, clone fields, a gallery, options pages, and ACF Blocks.
This development follows WordPress.org’s decision last month to take over WP Engine’s ACF plugin, citing security vulnerabilities as the main reason for the action. The plugin was subsequently renamed Secure Custom Fields, raising questions about the implications of this move for developers and users of premium WordPress plugins.
David McCan from WebTNG has provided a thorough analysis of the new plugin in a recent YouTube video. In his review, he notes that key functionalities from ACF Pro, such as update checks and license verification, have been stripped away. He expressed concern over the legality of this fork, questioning whether it adheres to software licensing laws. “This seems like a classic case of a null plugin being hosted in the WordPress plugin directory,” he remarked, emphasizing the necessity for maintaining original copyright notices during such processes.
The controversy has drawn attention from various industry experts and developers. Gergely Orosz, the voice behind The Pragmatic Engineer newsletter, expressed his dismay on social media, stating, “Automattic – the creator of WordPress, a company raising $950M in VC funding – took a paid WordPress plugin built and owned by another dev and re-published it, making it free. If you have a business selling a paid WP plugin: Automattic can null it, anytime. Another new low.” This tweet encapsulates a growing unease among developers who fear the repercussions of such actions on their paid offerings.
Duane Storey also weighed in, pointing out that ACF is now an officially registered trademark of WP Engine. He criticized the actions of Automattic, implying that the version being added to the WordPress repository resembles a nulled edition of ACF Pro, lacking necessary copyright acknowledgments. Storey’s insights raise pivotal questions about the ethical considerations of repurposing proprietary plugins without permission.
Tim Brugman, a full-stack developer, highlighted another critical issue: the Secure Custom Fields plugin deactivates Advanced Custom Fields Pro upon activation, a move he asserts violates the Plugin Handbook’s rules. Such actions could lead to further complications, especially for users who might inadvertently lose access to features they have already paid for.
In response to the mounting criticism, Brandon Kraft, an Automattician involved in the submission of the plugin, addressed concerns on Mastodon. He acknowledged the complex nature of the forking decision and indicated that he was not directly involved in the initial code alteration. Kraft committed to ensuring proper licensing and copyright acknowledgment in future updates, emphasizing that any oversight in this regard was unintentional.
The implications of this incident extend beyond the immediate conflict between Automattic and WP Engine. It has ignited discussions across platforms like Reddit, where users express mixed feelings. While some are outraged by the perceived theft of intellectual property, others celebrate the opportunity to access premium features at no cost. This divide underscores a larger debate about the ethics of software development and the responsibilities of organizations that govern platforms as influential as WordPress.
As the preliminary injunction hearing for WP Engine versus Automattic approaches, the industry watches closely. This case could set a precedent for how plugins are handled in the future and how rights and responsibilities are delineated in the open-source community. The outcome could not only reshape the landscape for WordPress developers but also influence broader discussions on software licensing, copyright protections, and the balance between open-source ideals and commercial interests.
In this evolving narrative, the importance of ethical practices, legal frameworks, and community standards cannot be overstated. Developers and users alike are left contemplating the future of their tools and the platforms they rely on, hoping for clarity and fairness in an increasingly complex digital ecosystem.