Automattic vs. WP Engine
Automattic CEO and WordPress co-creator Matt Mullenweg unleashed a scathing attack on a rival firm this week, calling WP Engine a “cancer to WordPress.”
Mullenweg criticized the company — which has been commercializing the open source WordPress project since 2010 — for profiteering without giving much back, while also disabling key features that make WordPress such a powerful platform in the first place.
[…]
It’s worth noting that Automattic has a history in backing WordPress-hosting companies, having invested in WP Engine itself way back in 2011, while Mullenweg also spoke at WP Engine’s conference just last year. Moreover, Automattic also bought a majority stake in WordPress-hosting company Pressable back in 2016, and later invested in GridPane too.
[…]
In response to the brouhaha that followed the talk, Mullenweg published a follow-up blog post, where he calls WP Engine a “cancer” to WordPress. “It’s important to remember that unchecked, cancer will spread,” he wrote.
WP Engine has responded with a cease and desist letter (via Hacker News, Slashdot):
During calls on September 17th and 19th, for instance, Automattic CFO Mark Davies told a WP Engine board member that Automattic would “go to war” if WP Engine did not agree to pay its competitor Automattic a significant percentage of its gross revenues – tens of millions of dollars in fact – on an ongoing basis.
[…]
Mr. Mullenweg further stated that he had already created slides for his keynote speech, taking aim at WP Engine and its investor, and would present them to WordCamp attendees – and to millions of others via livestream on YouTube – if his financial demands were not met.
Rodrigo Ghedin (via Hacker News):
Notably, WP Engine was a sponsor of the event.
[…]
What I find deeply ironic in this situation is his accusation that WP Engine “confused even his own mother,” while he’s the owner of Automattic, which has a hosting service literally called WordPress.com, distinct from the FOSS project WordPress.org — an intentional yet obvious confusion that everyone who interacts with WordPress struggles to understand and has benefited Automattic immensely since ever.
Last year, Matt leveraged the FOSS project and his for-profit endeavor resemblance (and his position in both) to redirect web searches pointed at WordPress.org plugin directory to a mirror hosted in WordPress.com.
pluc:
There’s a widget on the default WordPress dashboard that displays a RSS feed of WordPress.org, where Matt posted his rant, making it show up everywhere.
I respect @photomatt’s opinion that consumers of open source should “give back”, but to my mind that’s antithetical to the notion of it being free. Free things do not come with conditions. Giving back is an option, and always welcome. That’s open source.
Matt @photomatt has SO MUCH goodwill in the WordPress community and I fear he’s squandering it in this WPEngine fight. Whatever the details it’s not coming off well in public. I hope they resolve things soon.
Previously:
- Tumblr and WordPress to Sell Users’ Data to Train AI Tools
- WordPress at 20
- Wix and Their Dirty Tricks
Update (2024-09-25): Automattic (PDF, tweet, Hacker News):
On September 23, Automattic sent the following cease-and-desist letter to WP Engine, outlining WP Engine’s pattern of unauthorized usage of the WordPress and WooCommerce trademarks and demanding that WP Engine stop such behavior.
When you change the trademark policy mid fight to make your case stronger...
The largest applause came from a very brave person who states that Mullenweg punching down feels like vendettas and are demotivating. This person continues by saying that if he had spent the time on stage promoting meetups and talking about bringing new people into the fold, that the positivity would be far more effective than this targeted attack.
[…]
As clearly stated, there is no strict requirement or obligation whereby using WordPress commits you to investing 5% back into WordPress, so how can we just single out WPEngine?
[…]
Are any of these companies after #1 giving back “enough”? It doesn’t appear so if we’re using those pledge numbers vs revenue as the metric. So why are they not getting equal shit live on stage? If that isn’t the metric Mullenweg is judging them by, then tell me what is?
Google’ers even got a shoutout from Mullenweg on stage during the keynote, despite their relatively tiny pledge and Mullenweg acknowledging they have revenue the size of some entire countries GDPs.
See also: Mike Rockwell and astawhiz.
Update (2024-09-26): Thomas Claburn:
WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter’s servers from accessing WordPress.org resources – and therefore from potentially vital software updates.
[…]
Among WordPress users posting to Reddit, not everyone is on board with Mullenweg’s war against WP Engine. There’s discussion of a WordPress fork, and pushbackagainstthe WP Engine block.
WP Engine (via Hacker News):
WordPress.org has blocked WP Engine customers from updating and installing plugins and themes via WP Admin.
WP Engine needs a trademark license, they don’t have one. I won’t bore you with the story of how WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community regarding their disabling and locking down a WordPress core feature in order to extract profit.
WP Engine was trying to block Mullenweg’s attacks on their product from being injected into the dashboard of all their customers. That seems entirely reasonable. I host my own WordPress, and I didn’t like seeing his rants there, either.
The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, WP Engine will need to replicate that security research on their own.
Suddenly pulling the rug on security updates puts users at risk. In response, Patchstack has halted publishing new vulnerabilities, so the end result is that WordPress’s own users will be less secure, too.
Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?
That makes some sense, but it sure seems like WordPress is the one who started the fight and who intentionally broke functionality for users caught in the middle. Even if WP Engine is in the wrong, which I don’t think is clear, this is terrible for the WordPress community. Contributor or not, an open source project should not be sabotaging its users. Mullenweg comes off looking like a maniac.
Update (2024-09-27): Daniel Jalkut:
I was interested to discover that the WordPress Foundation just registered for the trademarks “Managed WordPress” and “Hosted WordPress” earlier this year.
So many thoughts on the WordPress drama but I think my main takeaway is that it makes me sad. We should absolutely be having conversations about how commercial users of OSS contribute back, especially groups like webhosts. But the people being hurt the most right now are users.
I feel thousands of innocent people in our community were harmed in the process just to stick it to a competitor. This is honestly disappointing.
- Automattic blocking WP Engine customers from updating their plugins is deeply hostile. Fine, sue each other into oblivion, but don’t interfere with customers
- Automattic shouldn’t have spent the past couple years overpaying for dumb companies, they’ve spent 10’s of millions on it
- Also Automattic’s tagline “Making the web a better place” Please… follow the money that’s what’s happening here
- Does this mean that there will be a fork in WordPress? I think a non-insignificant chance
You can’t power 40% of the web and act this way, people will fork your shit.
I would love if they forked it! They can run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase.
I mean I used WordPress for this very blog for many years and I knew WordPress kept revision history, but I don’t think I ever used it. For what it’s worth, Ghost doesn’t have any revision history, and I’ve never thought to hope they add it. That’s not to say no one would want or need it, just that it’s very reasonable for someone not to need that feature, so to be told by the head of WordPress that I’m not even using WordPress if I’m not using (or able to use) revisions is insane to me.
If Matt Mullenweg thinks WP Engine is illegally using WordPress’s trademark, then I’ll let the courts handle that because I don’t have an opinion either way, but what an odd thing to hang your argument on.
I knew about the revision history but have probably only used it a handful of times, and I don’t think of it has core to WordPress because it wasn’t added until after I switched. Does WP Engine really turn it off to save database space? I kind of find that hard to believe because images use so much more space than text, and I wonder whether most blogs have lots of long posts that are frequently edited. I make lots of updates to posts on this blog, so I do have lots of revisions, and even then the whole WordPress database is only about 300 MB for 22 years of posts and comments.
Eric Mann (via Hacker News):
WP Engine never calls itself “WordPress Engine” in marketing. However, searches for “WordPress Engine” do yield sponsored advertisements for WP Engine. Until this week, they even had partner agencies listed on their own website as “WordPress Engine Preferred Partner Agenc[ies].”
Even if WP Engine isn’t actively trying to brand itself as “WordPress Engine,” they aren’t doing anything to avoid others doing so. A talk at their recent DE{CODE} conference even referred to them as such. It’s clear they are directly benefiting from the name confusion but they do not have the same rights to the trademark as Automattic and WordPress.com.
[…]
Any system pulling remote data from a third party source should have protections against that source becoming unavailable, whether that’s a pull-through cache or even just a circuit-breaker in their system.
One might also ask why the open-source project has hardcoded the URLs for these services to what looks like a domain for the project itself, but it’s actually controlled by Automattic?
Pinning the blame on WP Engine for Matt’s actions is a cop-out. When is the last time a host got removed from access to the WordPress community?
I’m sorry, disconnecting thousands of customers from an essential service with no warning is not normal behavior, and the fact that Mullenweg is promoting this take only highlights that he doesn’t understand how toxic this behavior is.
You are not punishing WP Engine. You are punishing people who bought into this ecosystem.
I have worked with WP for 10+ years now and in my opinion like many others, this is nothing but jealously from Matt whose for profit competitor (wordpress.com and VIP) got beaten by WPEngine.
In fact, you know what confuses regular users ? wordpress.org vs wordpress.com.
Indeed, that does confuse people, and having WP Engine pay to use the trademark would do nothing to reduce the confusion.
1. WP.org is supposedly NOT part of the foundation, but something of Matt/Automattic’s generosity.
2. Despite this, solicits donations that seemingly go to the foundation.
3. Despite this, is hosted on the foundation’s AS number.
4. WP.org may not be under obligation to provide services, but when it chooses to discontinue services to one independent for profit user of the open source software, but not to another ostensibly independent for profit user of the open source software that just so happens to be owned by the person donating the services, then there is a conflict.
5. When the open source software, which has a hard coded news feed source that is mostly written by said owner, and this is used to post articles disparaging that other company, directly to their customers, this is also a conflict.
See also: Matt Mullenweg.
Update (2024-09-30): Cory Birdsong:
I’m not super deep into this side of WP, but supposedly it’s less about space and more about performance. Revisions are stored as another post in the wp_posts table, and they are also created each time you hit “save draft” on a post that hasn’t been published yet. This can add up.
Josh Collinsworth (Hacker News):
Companies have been describing themselves as one or both of those terms for around 15 years at this point. (We freely called Flywheel a “managed WordPress hosting company” the entire time I worked there, and we were far from the first. We were also at one point one of WordPress.org’s recommended hosts. So…obviously, not a big deal.)
Anyway, this filing of spurious trademarks makes it appear very much like Matt’s endgame was to extract money from WP Engine, but he just needed more of a foundation to do it (pun intended?). So, following that initial rejection, Matt set the Foundation arm of WordPress working on securing highly dubious trademarks, which, again, I and most reasonable observers think and hope will fail.
[…]
As an additional point here: if the problem was confusion around WP Engine’s name, why not just ask them for a name change? Why all the contribution stuff, too? Conversely, if Matt’s beef was with WP Engine’s lack of contribution, why is he going after their name and marketing? It feels very much like Matt’s just trying to cobble together all the reasons he can think of to justify his assault, in my opinion.
[…]
Matt also claims WP Engine is selling “something that they’ve chopped up, hacked, butchered to look like WordPress.” His reason for this wild claim? Because WP Engine disables revisions (a default feature of WordPress, albeit a pretty small one).
[…]
WordPress.org is ostensibly the website for the nonprofit foundation; it’s supposed to exist to prevent any one for-profit company from having too much power over the WordPress ecosystem. It’s supposed to be agnostic.
[…]
One of the biggest revelations here is: Matt wanted the money he was trying to get from WP Engine to go to Automattic, which, again, is Matt’s for-profit company.
WP Engine operates a bit differently. It says it focuses on investing in the community through sponsorships and encouraging the adoption of the platform. The hosting platform was acquired by the private equity firm Silver Lake in 2018, and Mullenweg views it as a business that profits off of open-source code without giving anything back.
[…]
Mullenweg doesn’t appear to be wrong about WP Engine’s contributions. But WP Engine is ultimately abiding by the rules of WordPress’ open-source license: it’s generally free to use, and WP Engine doesn’t have to give back to the WordPress community just because it’s banking off the open-source code.
[…]
The fight has garnered a mix of reactions. On one side, people think WP Engine is in the wrong, with some saying the company should contribute more to the open source project and that its use of “WP” is misleading. On the other, some WordPress community members are calling on Mullenweg to step down and accuse of him abusing his power over WordPress.org and WordPress.com. Others believe the situation could result in a fork of WordPress and brought up concerns about whether WordPress will take action against other companies using the “WP” abbreviation or trademark.
Matt Mullenweg (tweet, Hacker News):
We have lifted the blocks of their servers from accessing ours, until October 1, UTC 00:00.
Wait you’re really announcing on a Friday that you’re giving devs till Tuesday to support our clients?? I would happily move the wp engine people to literally any other host but customers like it & have whole processes built on it
Matt, please stop this nonsense. If you cared about those users as you claim, giving them (@WPengine) essentially less than 1 business day to spin up new infra, test it, QA/QC it and more, then add it to production is woefully short. If you’re so concerned about WPE’s access to your servers for free, what is the estimated cost for those charges? It’s nominal, so let’s not make it about that, right?
I’ve used WordPress for years, for my own websites and for clients. I’ve never used WP Engine. But this whole situation has really soured my view on WordPress, knowing one person can cause so much turbulence for so many who rely on it.
Update (2024-10-01): Core Intuition:
Daniel and Manton talk about the community drama and impending fiasco of WordPress and Matt Mullenweg vs. WP Engine. They weigh the arguments of either side. Then they consider the larger issue of dependencies we have on the platforms we develop for, and how we strive for independence from platforms that can make or break our business.
Update (2024-10-02): Rae Morey (via Hacker News):
Automattic CEO Matt Mullenweg has rescinded an 8% licensing deal offered to WP Engine in September, suggesting that escalating tensions between the two companies could lead to a corporate acquisition by Automattic.
In an interview with The Repository, Mullenweg said Automattic now wanted more than 8% of WP Engine’s annual revenue, or an equivalent of resources invested into the WordPress project—or a combination of both—in exchange for the use of its “WordPress” and “WooCommerce” trademarks.
[…]
“I didn’t wake up one day and suddenly decide to do this,” he said. “I was taken advantage of for so many years. The only way to deal with a bully is to fight,” he said.
It sure seems like it’s Mullenweg who’s the bully here and that the selectively applied trademark dispute is a red herring, only introduced as leverage to get revenue or resources, which it’s not clear that the project even needs. He seems to be abusing his position as controller of the .org domain and putting the interests of Automattic ahead of those of the open-source project and community. See also: graeme.
One of the many lies in Silver Lake and WP Engine’s C&D was their claim that Automattic demanded money from them moments before our CEO Matt Mullenweg gave his keynote at WordCamp US.
That is not true. Automattic asked for a verbal agreement that WP Engine would give some percentage of their revenue back into WordPress, either in the form of a trademark agreement or employee hours spent on core WordPress.
For transparency, Automattic is publishing the full term sheet WP Engine was offered on September 20th.
This is deceptive. They don’t seem to be disputing the screenshots, which show Mullenweg extorting WP Engine. And if you read the term sheet, it doesn’t say that the money is requested to go “back into WordPress.” It says that they want 8% of WP Engine’s revenue to be paid to Automattic. The alternative, providing labor instead of money, is to have the employees’ work “directed by WordPress.org,” which sounds like it’s the WordPress foundation but is actually Mullenweg himself. So for all the talk about giving back to open source, this seems to actually be about having WP Engine pay or do work for its competitor.
It has long seemed like there were some conflicts of interest between WordPress.com and the open source project, with the latter being steered to provide holes for the paid product to fill. I think there needs to be more separation from Automattic, either with WordPress.org under community control or with the open source project rehomed to somewhere independent.
Update (2024-10-03): WP Engine v. Automattic (via Hacker News):
This is a case about abuse of power, extortion, and greed. The misconduct at issue here is all the more shocking because it occurred in an unexpected place—the WordPress open source software community built on promises of the freedom to build, run, change, and redistribute without barriers or constraints, for all. Those promises were not kept, and that community was betrayed, by the wrongful acts of a few—Defendants—to the detriment of the many, including WPE.
See also: Matt Mullenweg and safety1st.
The confusion and unrest in the community have been palpable ever since.
People want the leaders of their communities to be reliable, stalwart, reasoned individuals. No matter what is happening, they do not want to see community leaders lash out, react quickly, and make sweeping changes. That is, until they have had the time to fully understand why those changes are being made. The reason we all feel this way is that we immediately get worried that we could be the next target of that leader’s ire next.
Update (2024-10-04): Automattic (Hacker News):
Their complaint is flawed, start to finish. We vehemently deny WP Engine’s allegations—which are gross mischaracterizations of reality—and reserve all of our rights.
“So, how’d you get this job at Automattic, Heather?”
“Oh, the CEO threatened to ruin my career and life if I didn’t take it. I love it here my feedback is welcome all the time. Such a good boss. 😬”
Like, what the fuck did this man expect sending shit like that?
I thought this must be fake, but it’s in the WP Engine complaint referenced above.
They lied that it was to run WordPress.com, though, she wanted to be the Executive Director of WordPress.org for Automattic, a position that was held by Josepha.
But you own and run and finance WordPress.org personally, as you’ve revealed and talked about numerous times in the last few weeks. I don’t follow, how can Heather apply for a job with Automattic to be the Executive Director of a website you personally own?
The ways that Automattic, WordPress.com, WordPress.org, the WordPress Foundation, and Mullenweg personally are intertwined are way more confusing than the confusion between WordPress and WP Engine that is the casus belli for this extortion.
Ivan Mehta (Matt Mullenweg, Hacker News, Daniel Jalkut):
Automattic CEO Matt Mullenweg said on Thursday that 159 employees (roughly 8.4% of staff) accepted a severance package that the company had offered to those who disagreed with his direction of WordPress and his handling of the tussle with web hosting provider WP Engine.
[…]
Some employees who left the company include the head of WordPress.com (Automattic’s commercial WordPress hosting arm), Daniel Bachhuber, head of programs and contributor experience Naoko Takano, the Principal architect for AI, Daniel Walmsley.
[…]
Over the last few days, several people on X have hinted about a severance offer being circulated among Automattic employees. Mullenweg also allegedly DM’d a former employee who posted about the offer and accused her of attacking the company and him.
See also: Jeffrey Zeldman (Hacker News).
Matt Mullenweg, the CEO of Automattic, co-founder of WordPress, and single point of failure for WordPress.org is trying to bully me with legal threats over my commentary regarding his recent behavior.
[…]
I am not a WP Engine (or PE in general) apologist. I believe they should contribute more to core, etc. However, what Matt has done, is doing, continues to do is antithetical to opensource, to his own stated goals to democratize publishing and to grow the use of WordPress. He has demonstrated time and again that when he does not get his way or has no leg to stand on he will default to subterfuge to achieve his goals.
See also: Jeff Chandler, regarding a trademark dispute from 2015.
Update (2024-10-07): Emma Roth (Slashdot, Peter Steinberger):
To the outside observer, these might appear to be independent organizations, all separately designed around the WordPress open-source project. But as he wages a battle against WP Engine, a third-party WordPress hosting service, Mullenweg has muddied the boundaries between three essential entities that lead a sprawling ecosystem powering almost half of the web.
To Mullenweg, that’s all fine — as long as it supports the health of WordPress long-term.
“WordPress.org just belongs to me personally,” Mullenweg said during an interview with The Verge. WordPress.org exists outside the commercial realm of Automattic, as a standalone publishing platform that offers free access to its open-source code that people can use to create their own websites. But it’s not a neutral, independent arbiter of the ecosystem.
It also raises questions about the legality of Mullenweg’s handling of the WordPress trademark, donated to the nonprofit WordPress Foundation in 2010 ostensibly to allay concerns about his control over the mark and the potential for abuse. Mullenweg is a director of that foundation, which chiefly oversees the WordPress software project.
“Mullenweg’s public announcement did not mention … that he had also caused the nonprofit WordPress Foundation to grant an exclusive, fully-paid, royalty-free, perpetual, irrevocable, worldwide, sublicensable license and related security agreement to the WordPress mark right back to Mullenweg’s for-profit Automattic,” the complaint says.
In so doing, Mullenweg is alleged to have made false statements in the WordPress Foundation tax filings by reporting that there were no “contracts … between [WordPress Foundation] and any officer, director or trustee … or with an entity in which any such officer, director or trustee had any financial interest.”
Describing WPEngine as “not contributing” to the ecosystem feels way too short-sighted.
They may not contribute as much to the core, but they are (after some acquisitions) the owners of e.g. Advanced Custom Fields, which may be one of the most influential plugins in the ecosystem of all time.
Plus the conference sponsorships.
Update (2024-10-08): Michael Lopp:
WP Engine provides a valuable and essential service, delivering WordPress to me and my readers, for which I also happily pay. I pay for many online services and would rank WP Engine’s quality, reliability, and support in the top 10%.
As an eager user of the software and the services, I hope they’ll find a fair and symbiotic resolution.
I think in the last couple of weeks we’ve been seeing how the popularity of software development frameworks follows the same kind of trends and personalities as fashion or politics.
Ruby on Rails is having another moment in the sun because its leader is charming the software development community.
WordPress is having a crisis of confidence because its leader is turning people off.
Another interesting note is that these are both approximately equally old projects that are both still led by their founders.
Update (2024-10-09): Stephanie Lundberg (LinkedIn):
Listen, it’s certainly easy and maybe a little funny to sit here and make jokes about Mullenweg’s childish behavior. But obviously, this isn’t just a tantrum. He is – by his own admission7 – unleashing weapons of mass destruction on his own community and significantly impacting their livelihoods.
[…]
And now Mullenweg seems to be turning his attention to the ex-Automattician Slack community, allegedly trying to find ways to take it over, ostensibly to control others’ speech there too.
[…]
It feels new because of the scale at which we’re seeing it right now, but he was like this in July. He was like this in February, when he violated his own company policies, undermined his own Trust & Safety team, argued at length with Tumblr users and a trans woman on Twitter, and then released private user account information on multiple platforms. He was probably like this well before that, even, we just didn’t see a lot of it publicly.
[…]
My dude. You are on the record threatening a member of this very Slack community with legal action for offering support to their fellow Automattic alums mere days ago. In what universe do you think anyone in this community is then going to hand you the keys to a transcript of everything any alum has ever said, going back to the beginning of the community?
WordPress.org is now preventing people from logging in unless they agree that they are “not affiliated with WP Engine in any way, financially or otherwise” (via Hacker News). This will prevent people from contributing to WordPress, supposedly the stated goal of the WP Engine crackdown.
Javier Casares asked about the checkbox and suggested that WordPress.org be transferred to the WordPress Foundation and was banned from the WordPress Slack (thread).
David Heinemeier Hansson (tweet):
Automattic is completely out of line, and the potential damage to the open source world extends far beyond the WordPress. Don’t let the drama or its characters distract you from that threat.
A key part of why open source has been so successful over the last several decades is the clarity and certainty of its licensing regime. Which allow you to build a business on open source without fear of frivolous claims or surprise shakedowns. The terms of the deal are spelled out in the license agreement, and the common ones, like MIT, BSD, or GPL, have all stood the test of time.
The most important part of such a license is usually the fact that the software is offered without any warranty. But some also include provisions that require any modifications to be released as open source as well. None of the major licenses, however, say anything close to “it’s free but only until the project owners deem you too successful and then you’ll have to pay 8% of your revenues to support the project”. That’s a completely bonkers and arbitrary standard based in the rule of spite, not law.
Automattic undermined the trademark argument by being an former co-owner of WP Engine, not raising it for 14 years, and admitting it was just done as a tactic to “get Al Capone”.
This WP stuff would be hilarious to watch if it wasn’t involving the software that powers ~40% of all websites.
[…]
It’s looking like even self-hosted WP installs are going to be affected, if you’re using wp.org’s plugin directory/repository thing.
Update (2024-10-10): Samantha Cole (Hacker News):
Users who don’t check that box can’t log in or register a new account.
Megan (via Hacker News):
I’ve decided that I want to prioritize my mental (and physical) health and will no longer contribute to the WordPress open source project. The constant worry about the stability of the project and never-ending influx of WordPress-related news has contributed to worsening anxiety symptoms for me and it’s no longer worth it.
[…]
My WordPress(.org) profile might still show that I dedicate 5 hours per week to the Community Team, but from this point forward that will be inaccurate because I don’t want to pay an attorney hundreds of dollars an hour to determine if the new required login checkbox applies to me.
So catching up on the WordPress drama
Correct me if I’m wrong, but he’s mad that WP Engine is using WordPress, which is open source, and “not contributing enough back”, which of course would be nice but isn’t a requirement.
And he’s mad that they use “WP” in their name, and wants them to pay Automattic a “license fee” for it, but that’s not even a trademark Automattic owns?
Update (2024-10-14): Wes Davis (Hacker News):
WordPress.org has taken over a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Matt Mullenweg announced today. This “minimal” update, which he labels a fork of the Advanced Custom Fields (ACF) plugin, is now called “Secure Custom Fields.”
Advanced Custom Fields (Hacker News):
A plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21 year history of WordPress.
Advanced Custom Fields is a sophisticated plugin with over 200,000 lines of code, which we continually develop, enhance, support and invest in to meet the needs of our users across WordPress. We’ve made 15+ releases over the past two years, since joining WP Engine, and added significant new functionality to the free plugin as well as continually improving performance and our security and testing practices to meet the ‘enterprise grade’ that our users deserve.
The change to our published distribution, and under our ‘slug’ which uniquely identifies the ACF plugin and code that our users trust in the WordPress.org plugin repository, is inconsistent with open source values and principles. The change made by Mullenweg is maliciously being used to update millions of existing installations of ACF with code that is unapproved and untrusted by the Advanced Custom Fields team.
To me this is indistinguishable from an account takeover attack executed by an insider. I doubt any prosecutor would be interested, but to my eyes WordPress.org has violated the CFAA by accessing WordPress instances outside the bounds of their authorization. They were authorized to modify WordPress instances in ways ACF prescribed, not in ways of their own choosing.
So, the ACF plugin is a useful contribution to the WordPress ecosystem? Significant enough to warrant bringing it in-house now?
WP Engine has been responsible for maintaining what is widely considered to be the most essential plugin in the ecosystem.
It’s very funny that Matt’s original complaint was that WPEngine didn’t contribute enough, and he has now banned them from contributing and stolen what they had previously provided.
WP Engine fixed the bug but couldn’t update it on WordPress.org because they were banned from the directory. Mullenweg didn’t just fork the plug-in:
He stole the original project plugin space, its reviews, download statistics, SEO traffic, etc.
For a dispute that started with a claim of “trademark confusion”, there’s an incredible irony in the fact that Automattic is now hijacking users looking for ACF onto their own plugin.
unsnap_biceps [Update (2024-10-14): possibly not true]:
They also modified it by ripping out the pro features, so if people update their ACF Plugin and they had pro features enabled, it’ll just break their install.
This is completely ridiculous. I hope someone forks WordPress itself to get it out from under this toxic leadership.
See also: Bullenweg:
Keeping all of the original install counts and reviews, and saying “best of luck with your version” to the actual developer of the plugin might possibly be the scummiest thing I’ve ever witnessed in the open source world.
This is totally crazy. Like if the operators of rubygems dot org just decided to expropriate the official Rails gems, hand over control to a new team, and lock the core team out of it. We’re in uncharted and dangerous territory for open source now. What a sad sight.
Update (2024-10-15): Matt Mullenweg (archived):
DHH claims to be an expert on open source, but his toxic personality and inability to scale teams means that although he has invented about half a trillion dollars worth of good ideas, most of the value has been captured by others.
[…]
David, perhaps it would be good to explore with a therapist or coach why you keep having these great ideas but cannot scale them beyond a handful of niche customers. I will give full credit and respect. 37signals inspired tons of what Automattic does! We’re now half a billion in revenue. Why are you still so small?
David Heinemeier Hansson (post):
Maybe I’m supposed to get mad at this, but instead I just get sad. Mullenweg clearly sees it as a failure to create much more value in the world than what you capture, and maybe that’s the root of our differences. I see that as a proud achievement.
Just when you think WordPress has reached peak clown status Matt does something to top his previous best
It is nearly impossible to get me to feel sympathetic for anything touched by private equity, but Mullenweg has done just that. He really is burning all goodwill for reasons I cannot quite understand. I do understand the message he is sending, though: Mullenweg is prepared to use the web’s most popular CMS and any third-party contributions as his personal weapon. Your carefully developed plugin is not safe in the WordPress ecosystem if you dare cross him or Automattic.
I’ve request my code to be removed from WordPress.org plugin repository. Instead they closed the plugin and kept the code 🤦
Even when the WP Engine saga is over, I’ll still avoid WordPress whenever possible in the future. WordPress was never ideal, but it was a safe bet.
As long as Matt is at the helm, that is no longer the case.
The power of WordPress is not in its amazing technology. Because it really isn’t very good. There is far better tech available.
The power of WordPress is in its community and ecosystem.
…was in it’s community and ecosystem.
Fascinating discussion over on Reddit about the tangible financial impacts of @photomatt’s war on WPEngine
Lost contracts, lost referrals, people wondering if WordPress is safe to build on long term.
What I expect to happen in the next few days[…]
Darnell Clayton (Hacker News):
This is why we will probably witness a rebrand by WP Engine and a zombie 🧟♂️ 🧟♀️ fork of the WordPress code.
Matt will eventually exit WordPress and the foundation will be reborn with a lot of support from the larger corporations in the ecosystem. @wpengine and Silver Lake will likely end up with a lot of control.
See also: Gergely Orosz.
Update (2024-10-17): Steve Streza:
As the old saying goes, “nobody ever got fired for buying IBM”. The same was basically true for WordPress. A stable, mature package that you could forget about and get on with running your website.
It’s hard to imagine “stability” being associated with WordPress any more.
Colin Stewart (via Joe Maller):
Matt’s behaviour despite constant calls to stop means I’ll never trust him[…] Community-led governance or nothing.
We start this week’s episode with the ongoing (and pretty confusing!) conflict between WordPress.com and WP Engine. It might sound like drama, but it actually could have ramifications for the wider web.
“Overall, the environment is now full of people who unequivocally support Matt’s actions, and people who couldn’t leave because of financial reasons (and those are mostly silent),” one Automattic employee told me.
The current and former Automattic employees I spoke to for this article did so under the condition of anonymity, out of concerns about retaliation from Mullenweg.
[…]
On Wednesday Mullenweg posted another ultimatum in Automattic’s Slack: a new offer that would include nine months of compensation (up from the previous offer of six months).
[…]
One Automattic employee told me that Mullenweg’s interception of Blind emails was the thing that made them start looking for a new job. “For Matt to do that, without prior announcement, was equivalent to spying on his employees. And for him to think it's ok to tell people to message him for their verification code is ridiculous—I've never questioned an employer's judgment as much as I did in that moment (although it has happened many times since),” they said. “Clearly, Blind is designed to allow employee discussion free from employer interference, and he was trying to prevent that in the most obvious way possible.”
The message — penned by Automattic’s then-chief legal officer Paul Sieminski in January 2024 on the company’s “P2” (a version of WordPress aimed at internal communications) — outlined a plan for how Automattic would approach this strategy, through direct negotiations with companies and via legal action from “nice and not nice lawyers and trademark enforcers.” And Automattic potentially would register further trademarks going forward.
[…]
There are some murky areas in the dispute that Automattic has with WP Engine and WordPress trademark enforcement. One of these concerns the trademarks that were filed in July 2024. In a conversation with TechCrunch last month, Mullenweg claimed he didn’t know who filed these on behalf of the Foundation, or why. He said that he doesn’t know about day-to-day operations of the Foundation and volunteers are the ones who handle it.
The Foundation has three directors, including Mullenweg. The others are Mark Ghosh, who sold his website, a popular WordPress blog, to Mullenweg in 2014, and Chele Farley, a former Republican politician whose campaign Mullenweg lent money to. Both of them have been almost invisible from Foundation activities or speaking about the WordPress ecosystem.
[…]
We reached out to Automattic for comment for this story and Mullenweg replied directly. He did not give a direct answer to the question of whether the dispute with WP Engine was a one-off or setting a precedent for further action.
I get that other companies shouldn’t have “WordPress” in their name, but it seems reasonable to be able to describe an offering by saying that it’s “Hosted WordPress.” How else would people know what it is?
Joe Brockmeier (via Hacker News):
Users of ACF Pro that depend on the WPGraphQL and WPGraphQL for Advanced Custom Fields plugins may have real cause to be concerned that Automattic will look to break compatibility for ACF. WPGraphQL provides a GraphQL schema and API for WordPress sites and is a popular plugin to use in conjunction with ACF. Jason Bahl, the maintainer of the plugin, announced on October 7 that he was leaving WP Engine to join Automattic. Additionally, he said that WPGraphQL is becoming a ”canonical plugin” for WordPress.
The concept of canonical plugins is loosely defined, but Mullenweg described them in 2022 as official plugins that are the first choice for a type of functionality, but too niche to be included in the core distribution. With WPGraphQL development under Automattic’s roof, it seems unlikely that compatibility with ACF will be a priority.
Scott Kingsley Clark, who has been involved in a project to bring a fields API into the WordPress core, announced on October 13 that he was stepping down from contributing to WordPress core. The fields API project on GitHub has been archived with a goodbye notice that states that it pains him to stop but that he is “done making excuses for Matt’s actions and will not associate myself with core any longer”. He added on Mastodon.social that he was going to remain part of the WordPress community overall, and continue working on the Pods plugin.
[…]
After decades of being a poster child for the goodness of open source, WordPress is becoming a case study in the dangers of the company-owned project model. Instead of being the safe choice, WordPress is starting to be seen as the risky one—and that perception may impact open source as a whole.
Update (2024-10-18): Dare Obasanjo:
Redirecting emails from Blind to Automattic employees trying to sign up for the service is next level and letting people to know to talk to you about it if they want their email verification code is next level. Founder mode on tilt.
That does not seem compatible with a culture of trust within a company. […] The whole situation is just very depressing.
Mathew Ingram (via Hacker News):
I think it’s important to note that WP Engine has been using WordPress trademarks for over a decade now, and neither Matt nor Automattic nor the nonprofit ever mentioned that they were infringing on them until two weeks ago, at least not publicly. Automattic also invested in WP Engine at one point not that long ago, and Matt spoke at a conference that WP Engine put on last year, and talked about how WP Engine was the kind of corporate partner that others should emulate. So what changed? Is it just that Automattic is not producing enough revenue to pacify its private equity shareholders, who have funded the company through a number of financing rounds?
[…]
It’s pretty clear that Matt sees what he is doing as protecting WordPress, and forcing a no-good corporation to cough up some dough after years of taking advantage of the community (he says he has been trying to negotiate with WP Engine for more than a year now, while WP Engine says it gives back to WordPress in a number of ways.) To some observers like me, however — and to some other longtime members of the WordPress ecosystem — it looks like Matt has dragged the WordPress community into a legal mess with a variety of unforeseen and potentially serious consequences. Did he ask any members of the community before he did that? Not as far as I know.
Also, there is the unfortunate appearance of a significant conflict of interest — Matt is not just the plucky founder of a nonprofit open-source project, he’s a wealthy CEO of a for-profit corporation that is attacking a competitor, and using his status as the founder of the nonprofit to extract money from that competitor. It’s true that the money he was trying to get would have benefitted the open-source project, but convincing WordPress users to stop using WP Engine would also benefit Automattic and Mullenweg personally.
[…]
To take just one example, I said that Matt was caught in a conflict of interest and he (or his legal team) responded that “Matt’s dual roles are aligned to ensure Automattic’s success enhances WordPress as a platform.” Which is not really a correction at all, but appears to be mostly Matt’s way of saying “Yes, I have a conflict, but it’s for the best.”
This is an open letter to appeal to divert all energy being wasted in fights towards co-creating a fully independent, transparent, and strong WordPress Foundation v2.
Let’s invest in an independent guardian angel so fights like this can’t hurt the FOSS project and it’s community as a whole.
Update (2024-10-21): Emma Roth (PDF):
WP Engine is asking a court to put a stop to Automattic CEO Matt Mullenweg’s public campaign against the company. In a motion for a preliminary injunction filed against Automattic and Mullenweg on Friday, the third-party hosting platform requests that the court restore its access to WordPress resources and allow it to regain control of its plugin that had been taken over.
See also: Mac Power User Talk.
Update (2024-10-24): Automattic has filed a legal response to WP Engine (PDF, Hacker News).
Update (2024-10-28): Andy Fragen:
I have put my contributions to WP Core on hiatus.
[…]
I have contributed to almost every Core release in the past 9 years. Some of those contributions were fairly involved, complex features, others were not.
Much of this commentary has overlooked what I think is a core concern at the heart of Matt’s argument: the growing role and influence of private equity in tech, particularly in open source.
[…]
By nature, these communities aren’t a fit for rapid extraction of outsized returns. Their vitality depends on reinvestment, transparency, and long-term stability — the opposite of the PE model.
Matt Mullenweg is spreading revisionist history about Drupal’s decline, and blaming it on private equity.
Drupal 8 was released before the acquisition of Aquia.
And Drupal developers blame that tricky upgrade path from 7 to 8 with the struggles in Drupal-land.
One could still argue that private equity is not a good fit with open source, but then maybe venture capital isn’t, either.
Here’s the [Automattic] data:
- raised at 3b valuation in 2019
- raised at 7.5b valuation in 2021
[…]
That’s a 15x multiple on TODAYS revenue, not what it was when they raised in 2021.
[…]
Matt is likely needing to raise money, but can’t at a valuation that doesn’t materially weaken his ownership and/or control.
He’s fighting to try and get revenue from anywhere to avoid this.
The Automattic vs. WP Engine timeline on Bullenweg.com, which Mullenweg initially seemed to be OK with, is no longer available, following threats of legal action after it published a joke. The site now features a quote from a second legal case involving unpaid wages and an abusive work environment (PDF).
Update (2024-10-29): Adrienne Travis has a timeline of events (via Jan Lehnardt).
I’ve officially left the WordPress project after 14+ years of contributing[…]
[…]
I’ve watched a full cult form around Automattic, the company behind wordpress.com. In 2014 I even applied to work there but by that point I was already at a stage where I didn’t trust the org due to abuse I had seen a friend go through. I confess I took the paid trial but I intentionally did not take it seriously and I accepted another role before the trial started. All that is to say, Automattic was never honest about who it is so I really didn’t feel too bad at the time about going through such motions. They had the chance to change my mind then but that not only didn’t happen but the whole experience instead lowered my respect for the org even further.
[…]
I won’t say WP Engine is blameless in the wider world of WordPress and open source, I didn’t leave there on a whim after all. The nature of the attack on them now, however, is beyond the pale. It finally shows the world what WordPress really is, an abusive, predatory organization/community lying about its virtues to abuse other companies and organizations in an effort to get free work.
ttul:
It gets so much worse. Today, my sales guy was trying to register for WordCamp, a conference that we have been attending for years as an essential place to meet customers. And then he encountered the registration form for a WordPress.org login, which neatly specifies that you affirm you have no “affiliation with WP Engine, whether financial or otherwise.”
Of course, my company does have an affiliation with WP Engine. We use their service to host our website. Therefore, nobody on my team can register for a WordPress.org account.
WordPress reportedly asks WordCamp organizers to delete posts that “don’t align” with its views. Screenshots shared on X show emails from WordPress parent company Automattic asking the owners of WordCamp Sydney — a community-organized WordPress conference — to remove posts related to WP Engine.
Meanwhile, a separate email from the company requests that event organizers share “all active social media accounts” login credentials with Automattic to ensure “safe storage for all future events.”
Update (2024-11-11): Thomas Claburn:
The feud between Automattic CEO Matt Mullenweg and rival web hosting firm WP Engine has led Automattic to create a website that lists WordPress customers who have moved their site hosting away from WP Engine and those who haven’t.
[…]
While data about WP Engine websites can be gathered from public sources, it’s not clear whether the .csv file of WP Engine websites was obtained from a public source. There’s some speculation that the data may have come from non-public WordPress.org access logs rather than DNS queries or a website crawler.
Update (2024-11-15): Thomas Claburn:
WP Engine, a hosting provider for websites running open source WordPress software, has revised its legal complaint against rival Automattic and its CEO Matthew Mullenweg to include antitrust allegations.
Update (2024-11-25): Adrienne Travis (Hacker News):
Automattic has released a new version of Secure Custom Fields on wordpress.org (at the secure-custom-fields slug) which adds in the paid features from ACF Pro. This seems to have first been reported by David McCann, on YouTube. In a discussion about this move on r/wordpress, commenter obstreperous_troll notes that the ACF copyright notice has been stripped from the new plugin, which violates the GPL.
WordPress[…] has stolen Advanced Custom Fields Pro entire code, nulled it, & republished it on their directory as a free plugin “Secure Custom Fields” (a second plugin of this same name)[…] This is a direct violation of WordPress(dot)org’s own policies, basic open source etiquette, and of course likely software copyright laws.
It’s crazy because they literally are suing someone else for hosting nulled plugins, and that guy had his bank accounts frozen. They are doing the same thing now over at WordPress.
1 Comment RSS · Twitter · Mastodon
+1 to Christina Warren. FLOSS adds value; the people who add that value should be compensated. But FLOSS is also, in any practical sense, a public benefit, so we have to figure out how to do this in a way that doesn't offend the capitalist spirits of the gold-diggers who will somehow work to the betterment of humanity by exploiting it to serve the public.
Which, of course, is where it all goes to shit, because collectivism is an offence to all good capitalists. The primary moral of capitalism is that greed is a virtue in the face of competition, so nobody counts FLOSS is anything but a "gift" for their own advancement, rather than a public endeavour. So we get these constant conflicts, bordering on the absurd, in which FLOSS contributors give away their work, but of course never meant it to be exploited like *that*. We have to get out of this doom loop and agree to a collective endeavour, perhaps underpinned by FLOSS licences that explicitly place demands on commercial beneficiaries. We do at some point need to sort this out.
It's either that, or some good honest Communism. State-led investment in FLOSS. Now that would work for me!