Advanced Custom Fields plugin at center of WordPress trademark dispute
WordPress.org's unexpected fork of the popular Advanced Custom Fields plugin sparks controversy and user concerns.
In a move that has sent ripples through the WordPress community, the popular Advanced Custom Fields (ACF) plugin has become the focal point of an escalating trademark dispute between WordPress.org and WP Engine. The situation, which came to light on October 12, 2024, has raised concerns about plugin ownership, open-source principles, and user trust.
Matt Mullenweg, CEO of Automattic and founder of WordPress, announced that the WordPress security team has invoked point 18 of the plugin directory guidelines to fork ACF into a new plugin called Secure Custom Fields (SCF). This action was taken in response to alleged trademark violations and security concerns.
According to Mullenweg's statement on the official WordPress News blog, "On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Custom Fields. SCF has been updated to remove commercial upsells and fix a security problem."
The dispute traces back to October 3, 2024, when the ACF team announced that plugin updates would come directly from their website rather than the WordPress.org repository. This change in distribution method, coupled with alleged trademark infringements, prompted the WordPress.org team to take action.
For users who continue to rely on WordPress.org's update service, the plugin will automatically switch from Advanced Custom Fields to Secure Custom Fields. Mullenweg emphasized that this update is "as minimal as possible to fix the security issue" and that SCF will be a non-commercial plugin moving forward.
The forking of ACF has sparked intense debate within the WordPress community. Critics argue that this action sets a dangerous precedent for plugin ownership and control. Supporters of the move contend that it was necessary to protect users and maintain the integrity of the WordPress ecosystem.
Daniel Iser, a prominent figure in the WordPress plugin development community, expressed concern over the situation, stating, "This isn't a fork, they took over the ACF and replaced the name. Suddenly today users of ACF will see an update and after installing will no longer be using ACF. Dishonorable, amoral and unethical. I hope someone says it's also illegal."
The ACF team, under WP Engine's ownership, has responded to the situation by providing instructions for users to continue receiving updates directly from their servers. However, the WordPress Security Team has cautioned against this approach until the alleged security issues are resolved.
This development is part of a larger conflict between WordPress.org and WP Engine, involving trademark disputes and disagreements over contributions to the open-source WordPress project. The situation has raised questions about the balance between commercial interests and community-driven development in the WordPress ecosystem.
Key facts
- WordPress.org forked the Advanced Custom Fields plugin on October 12, 2024
- The new plugin is called Secure Custom Fields (SCF)
- The fork was justified citing trademark violations and security concerns
- Users relying on WordPress.org updates will be automatically switched to SCF
- The ACF team, under WP Engine, is providing alternative update methods
- The WordPress community is divided on the appropriateness of this action
- This event is part of a larger dispute between WordPress.org and WP Engine