With great power comes great responsibility

It’s been a choppy old couple of weeks in WordPress land.

I’m not going to go back over the whole clusterfuck – there will be plenty of people writing about what went on – basically a massive spat between Matt Mullenweg (co-founder of WordPress) and mahoosive web host WP Engine.

The row centres on a fundamental question about open source software – Mullenweg claims that WPE are basically leeching a freely available piece of software and using it to build huge profits and not giving enough back to the community. He cites various bits of data around core contribution hours, and WPE countered back with evidence showing their “in kind” contributions – conferences, sponsorship, evangelism and so on.

There’s also a whole bunch of nasty going on under the hood – all of which is far too boring to get into here, but grim looking emails, texts, etc etc.

The fact of the matter is, I have had some sympathy for MM’s point. Open source may well be free and open and according to the licensing fully available for anyone at all to use and make a profit on – but there is some level of ethical consideration here which is important to take into account.

To take an entirely tiny example: at Thirty8 we use WordPress to build sites and we profit from this work, but we also do what we can to put some stuff back into the ecosystem where we can, either through funding CultureObject (our open source museum collection plugin) or through our continued support for the platform through evangelism into the non-profit sector. (Note here btw that these contributions are nebulous and difficult to quantify – can I put my finger on the value we’ve fed back? Nope…)

So – yes – in an ideal world, big commercial entities like WP Engine should give back – and I can understand that MM is pissed off with the fact that there is a multi-billion dollar company like this that he perceives as not doing so.

However…

Firstly – effort and contribution are very hard to quantify. I know and work closely with some of the team behind ACF (now owned and run by WP Engine) – and these guys are superb: proper nerds, properly ensconced in the WordPress ecosystem and contributing all over the place. They’re core contributors, evangelists, plugin makers and code wranglers – and all of this time is contributing to core, but not in any way that is quantifiable.

Secondly – there is a serious wrinkle here. This is not the impressive little guy fighting back against the evil commercial empire. MM is a multi-millionaire with his own hosting companies which are in direct competition with WP Engine. This is all about money on both sides and we shouldn’t forget that.

Thirdly – and most importantly to me: the actions that have been taken have been rapid, impulsive, badly thought through and deeply damaging to the WordPress ecosystem. The sympathy I (and I know many others in the same boat) had with the point about O/S contributions have long since evaporated in the face of the sorts of things that have been done over the past couple of weeks. I have no knowledge of how WordPress / Automattic is structured – but from out here it looks as if there is a single person in charge of this massively important piece of internet infrastructure and he’s taken to turning things on and off entirely on his own. I’ve been shocked at the fact that (apparently) a single individual can just switch off the WP Engine update feed, putting tens of thousands of sites at risk.

“WordPress.org just belongs to me personally”

https://www.theverge.com/2024/10/4/24262232/matt-mullenweg-wordpress-org-wp-engine

Finally though – this latest move – this one is an absolute shitshow. WordPress (or – probably – MM) took arguably the single most important plugin in the ecosystem (Advanced Custom Fields – ACF) – and renamed it Secure Custom Fields.

Yes – they have the rights to fork a plugin under the terms of the license. What is completely, totally wrong is doing what they’ve done – which is to rename the plugin, change ownership but leave the slug in place. For those non-WordPressy, this means that they essentially retain the 2million+ sites that have this plugin installed. Had Automattic / MM done this and started from scratch – that would have been better. Really not great, but better. Doing what they’ve done is effectively a supply chain attack and in my opinion as such, it’s morally indefensible.

It’s also petty, pathetic, and puts many of us on edge about what the future of WordPress looks like. What if other hosts are targeted? What if other popular plugins are “re-imagined” in the same kind of way? How can I be reassuring with my clients that this is a solid, trusted, great to use platform when there is leadership in place with a single individual at the helm who can apparently make site-breaking decisions on the fly?

I’m really hoping that this all blows over. It probably will, and things will carry on again as ever – but I feel it’s made a nasty dent in the incredible WordPress ecosystem, and that’s a huge shame, especially given it’s been largely stirred up by someone who claims to live and breathe this software.

My belief is that there are much better ways to make change happen than Move Fast And Break Things.

(I was hoping that the title of this post was from someone particularly impressive, well known and slightly over-used though it is, but it turns out it’s from Stan Lee / Spiderman. Ah well. Back to the Proust…)

See also…