Hacker News new | past | comments | ask | show | jobs | submit login
Wordpress.org Login: "I am not affiliated with WP Engine in any way" (404media.co)
212 points by notamy 60 days ago | hide | past | favorite | 247 comments



This whole bit of drama really makes me glad I never invested time/energy in WordPress. It's like Real Housewives of Computer Nerds level of whining, and feels just as fake. Regardless of right/wrong, the whole thing has just turned into a 80s made for TV type of situation. There was a much better way at handling this, but somebody had access to social media and the wheels promptly fell off.


> Real Housewives of Computer Nerds

OK you've convinced me to get invested in this.


I'm accepting scripts for this unscripted series now. We're still trying to get someone credible attached so we can get it green lit.


Silicon Valley: FOSS Foundation spinoff where Richard creates some FOSS software, figures out how to monetize it while also maintaining the illusion that it's FOSS, then goes to eight years of Burning Man and flips the script after accidentally locking himself inside a sweat lodge for the whole festival.


as a bit of a "yes, and" in order to hew to the Real Housewives format, we'll need the looming threat of federal prison for fraud. Season 3 of Salt Lake City is probably the best example of this, combining the eternal recurrence and inevitability of the full Star Wars series with man-vs-fate of Spike Lee's _The 25th Hour_.

When I refer to the eternal recurrence in Star Wars, I simply mean that they blow up the Death Star in Episodes IV, VI, VII, and arguably I and definitely put an end to Sith control of the galaxy every time wink.


Beauty and the geek?


The nice thing is it's GPL, so the founder/owner can't just take his ball and go home. It's also widely-used/important enough that it will get forked if leadership problems start to make it unusable for too many people.


The problem though, for people who want to use WordPress, is that WP sites fundamentally rely on wordpress.org for downloading and installing plugins and themes, and critically for security updates to plugins and themes. (You can install/update manually, but the standard admin dashbord is set up to make wordpress.org integration by far the best way to do so.)

Yeah, you've got your GPL copy of all the source code. But next week's discovery of vulnerabilities in whatever random plugin gets to be this weeks news means you need to download/install the updated version. Which canonically is found at wordpress.org. We host a couple of dozen sites on WPEngine (and have done for about a decade, very happily with the price, features, and service). Our internal business continuity planning is now investigating ClassicPress, keeping an eye on comms from WPEngine to see what their path forward in terms of keeping WP sites updated without wordpress.org access, and questioning whether it's time to stop using WordPress at all. We already have a few sites that use WP as the admin/publishing tool, and generate the site as static html for hosting via S3/CloudFront - we may make that our standard deployment bit if we had to move all our WP sites off WPE, we may as well investigate other newer tools.

We are certainly having conversations right now with potential new clients warning them of the drama in the WordPress ownership/ecosystem, and advising considering alternative options or at least waiting until the dust settles on Matt's current ill advised crusade.


Over stated. Just go to hostgator or one of the million clones and select to auto update or use a plugin to do it. Also use the backup plugin.

The real issue is if WP gets fractured or abandoned or weird license issues etc. Then I take my luggage to hugo or similar.


Having a backup to restore from is not really the major concern versus mitigating being hacked in the first place, having your database stolen, and needing to report that, whilst surviving the reputational damage and penalty fees that likely brings.

A restorable backup isn't really a priority versus the above.


The update issue doesn’t sound like a big deal. What’s stopping WP Engine from setting up their own mirror system?

CentOS did this to Redhat for decades. They literally stripped out the trademarks and distributed the OS to anyone with no contracts at all. Patches were available same day that RH published them, and were applied from CentOS update servers.

The endgame for WP seems to be that they give up this fight or close their source and act like a real licensed software company. You can’t play GPL until it no longer suits you, then start making insane demands about revenue sharing and all this nonsense.


WPEngine do have their own mirrors. This is what a test theme upgrade this morning tells me:

Downloading update from https://theme-updates.wpengine.com/twentysixteen/twentysixte...

The risk I need to address is what's stopping Matt denying WPE access to that place where all the plugins and themes are published? Where does plugin-updates.wpengine.com get its content from, and how soon is Matt gonna block that? And an arms race of WPE needing to use proxies or other workarounds is not a business grade answer.

As I see things, either

1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power,

2) WPE wins the court case and a judge tells Matt "Nope, you're wrong about trademark law and you're wrong about the GPL and you are going to be held to the claims you made in the past about WordPress the software and WordPress the foundation and wordpress.org the software distribution and update service."

or

3) We are witnessing the start of the end of WordPress being trusted to run almost half of the internet.


> 1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power

The issue with this is that it absolutely will require a fork:

The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.

The WordPress Foundation (i.e. Matt) granted Automattic (i.e. Matt) an "exclusive, perpetual and irrevocable" license to Automattic re use of WordPress identity.

Wordpress.org is the exclusive property of Matt (although he has long played fast and loose here - just yesterday he was caught editing Automattic blog posts from referring erroneously to WP.org as a non-profit charity to 'a website that performs a community service').


>The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.

The thing is, once you organize a foundation as a non-profit with the government, you lose some of your ability to make decisions that are contrary to whatever charter and goals and such you specified when it was created. Matt may have screwed himself over by putting the stuff he wants to profit off of into ownership of the non-profit.


> The issue with this is that it absolutely will require a fork

Perhaps?

There is a significant group of people Automattic relies on to make the WordPress project and community a thing. While Matt probably can afford to pay enough devs to maintain WP core, I doubt he's wanting to pay to do all the maintenance for all the OSS/GPL plugins and themes on wordpress.org that are a big part of what makes WP attractive over other free and OSS CMS/blog alternatives.

Those people could probably mount a campaign that'd threaten Automattic's financial bottom line, which since Matt's extortion show that for him this is all about money that someone else has that he wants, perhaps that'd be "enough"?


As a customer and user of WPEngine, what role do you see wordpress in that relationship? Generally when I buy things I try to take some consideration of the sub-contractors and suppliers to the supplier of service, but I am aware that I do not have a direct relationship with them.

I doubt the courts will demand that WordPress foundation must provide servers and bandwidth indefinite and free of charge to anyone, especially when there is no contract between WPEngine and WordPress foundation. When Youtube removed API functionality and under a night destroyed companies that relied on those free API's, courts did not demand that Youtube went back. It is inherently risky for companies to depend on someone else servers and network service being provided for free without any contract.

The more easy path forward would be for WPEngine to switch dependency. Debian has an reliable repository. Core wordpress is already packaged there, it get updates, and a handful of the most popular themes are also packaged. If that is not enough then WPEngine could spend employee hours to package more themes. No need for proxies or workarounds. I would estimate that 90% of the customers on WPEngine could continue to exist using just that.


"The point of the foundation is to ensure free access, in perpetuity, to the software projects we support" https://wordpressfoundation.org

That's not only on their website, it's also stated in their 501c3 filings with the IRS.

Another thing to note is that "wordpress.org" is hardcoded into several places in the source code, and Matt has outright refused to make it more directly configurable.

There are even more issues involved, so while your point is sound, the reality of the situation is pretty complicated.


The free software movement and FSF in particular has always been very clear that free in this context does not mean that projects can't sell CD's with software on it. It is also this interpretation that allow for paid support, which would otherwise also not be "free". It is possible that courts would make a different interpretation, or that free access to software will be interpreted as not free software, but instead about free access to a distribution channel, Which mean wordpress could go proprietary under that statement (free access to download would says nothing about freedom to run it). The distinction gets generally refereed as "free as in speech, not free as in beer".

Regarding Debian, I don't know if the Debian package has anything hardcoded to wordpress.org. The generally recommended update path is to use debian package manager rather than internal updating mechanics. Debian maintainers often patch thing or change defaults as part of the packaging in order to make software behave nicely with the debian eco-system.


> The more easy path forward would be for WPEngine to switch dependency. Debian has a reliable repository.

Yeah, but.

Do we trust Matt now to not required the Debian packagers to, as he says, "choose sides" before giving Debian access to the wordpress.org infrastructure to download updated WordPress core and plugins/themes? I can _easily_ see him escalating like that.

> As a customer and user of WPEngine, what role do you see wordpress in that relationship?

The same role as I always used to see WordPress (the project, including WordPress core and the entire 1st and 3rd party plug/theme community) has with other companies that have a WordPress installation capability like cPanel and Plesk, and with every other hosting company that makes is easier to deploy WordPress than starting from a bare Linux VM - like GoDaddy or Dreamhost or practically any SMB oriented web hosting vendor.

And I think Matt is being entirely disingenuous, probably to the point I'd be happy to accuse him of outright lying, when he says WPEngine don't contribute back to the WordPress community. WPE have listed out the support they provide to the community which is in the form of conference sponsorship and development of open of the important plugins (ACF). While they obviously _could_ do more, I think the blackmail tactic Matt's using to extort them into paying 8% of revenue (at many million dollars a year) not to "the WordPress Community", but into a company (Automatic) that's directly owned by Matt, and that is a direct competitor in the WordPress hosting space.

And the recent news the the WordPress Foundation has applied to trademark "Wordpress Hosting" and "Managed WordPress" is totally off the charts punching "the WordPress Community" in the face. In my experience, by far the most common WordPress user acquisition channel is people using $5/month GoDaddy or similar hosting with a one click WP install, and sooner or later outgrowing that level of over subscribed web hosting and moving on to more dedicated WordPress hosting either through a digital agency or consultant, or going directly to WPEngine (often on recommendation from people just like me).

If Matt gets _any_ traction in enforcing 8% revenue (or more, as he's threatened) from WPEngine for using the word "WordPress" on it's website, how quickly do you think the lawyers at low margin/low cost of entry vendors like GoDaddy will say "Just take down every single mention of WordPress _anywhere_ and stop offering it to customers."

As I said, absent some adult supervision over Matt's tantrums, I believe we are witnessing the start of the end of WordPress.


"if Matt" "do we trust Matt" "blah blah yeah but Matt"

So why isn't this thing forked yet? It seems like WP Engine has the resources and now the motivation to do it. Advertise as a 100% compatible drop in replacement. MariaDB did it.


Is the plugin repo open source? If so then similar to VS Code, the community can spin up their own marketplace.


Isn't that essentially what caused this kerfuffle? Someone forked it and the original guy got upset about the how/why of the fork?


No, no fork at all. There may be a fork though because of how erratically the founder is behaving


It’s more that WP Engine is successful and hasn’t meaningfully contributed back to the Wordpress project.

Which I can sympathise with. But this isn’t what open source is about both legally and morally. And there are better ways to achieve this goal than by making a mockery of the Wordpress foundation and harming end users.


The wordpress foundation has never been anything BUT a mockery. It doesnt do anything - it is a shell for Matt's trademark schemes and tax fraud


>The wordpress foundation has never been anything BUT a mockery. It doesnt do anything - it is a shell for Matt's trademark schemes and tax fraud

It does kinda seem that way as an outsider looking in. There definitely seems to be some legal shenanigans going on when he's using his for-profit company Automattic to complain about stuff happening to the non-profit Wordpress Foundation. They should be legally separate enough that what he's doing shouldn't be possible.


Hearsay tells me they maintain a small fleet of Wordpress plugins, sponsor conferences, etc. Are those not meaningful contributions to the ecosystem?


No you don't understand!

Matt painstakingly forked b2 into wordpress and now WPE is freloading while Matt donates a whooping 0% of his revenue to b2 while WPE doesn't. /s


> and hasn’t meaningfully contributed back to the Wordpress project.

That's what Matt says. WPEngine claims otherwise -- in a legal document, no less.


but what's better alternative aside from rolling your own CMS?


I personally think that the best alternative is statamic. I've built two large sites with it without touching a line of PHP. No themes or crazy plugin dependencies in the manner of Wordpress, so its a roll everything yourself type deal, but the data model building GUI is excellent. Not super interested in selling/explaining it, but certainly I would look into it as a viable alternative - it works how I think CMS's should work, incredibly refreshing after building websites for 20 odd years.


There’s a million standalone CMS’s (headless) and standalone site builders (ranging from pure technical to no-code to no-design) and even sitebuilders with robust CMS’s attached these days (eg. Webflow).

There’s zero reason to use Wordpress in 2024 imo.


> There’s zero reason to use Wordpress IMO in 2024.

Many folk, companies don't have the resources nor skillset to set up a LAMP equivalent for such.

If you want to be the next wonder-host for $CMS be my guest. I recommend Kirby. No database required and only uses text files for its backend.

https://getkirby.com/


No database required, but you’re still tied to being a “wonder-host” for Kirby.

I’ve used it before, and many clients sites are now dead because their web host didn’t want to support old PHP versions anymore.

Any cloud-based CMS doesn’t have that problem.

That, plus, Kirby just isn’t robust enough to compare to something like Webflow.


I’m not entirely sure why you’re comparing Kirby to Webflow. They’re completely different tools built with completely different target audiences in mind.

Also

“many clients sites are now dead because their web host didn’t want to support old PHP versions anymore”

Isn’t the solution to that as simple as upgrading your CMS?


The comment I was responding to was criticizing the idea of having to provide hosting support for other CMS's.

That fact that you constantly have to upgrade Kirby and pay new licensing fees (and bill your customers for this) because no web host wants to support an old version of PHP...betrays the idea that Kirby is a way out of this. Sure it doesn't have a database to hassle with like Wordpress so it's better in that regard. But it's still objectively worse than any cloud platform.

If you're on a cloud subscription platform you're completely hands off (no upgrades necessary) and the client now has permanent support from said subscription they're paying for. It's fundamentally a better model than dumping websites on clients and letting them slowly rot away while they forget how to do anything with them.


> If you're on a cloud subscription platform you're completely hands off (no upgrades necessary)

Sure you’re just letting someone else do the job but at a significant higher price. It’s a trade off like everything else. In some situations a cloud solution is probably good. But in other cases it might be way too expensive in the long run. So it’s a balance and every situation is different.


So does Statamic, based on Laravel.


don't write off those that setup a WAMP and then make it public facing. the time to get a LAMP setup running is pretty close to <1min after a simple double-click on an installer. getting a sane/secure LAMP setup running is an entirely different story that you did not specify as being a qualification.


What I was implying was the cost of services, who are you going to host with?

Cost of maintaining, whos going to keep up with latest CVEs?

Cost of domain, registrars, SSL certificates.

Cost of all adds up. A non-tech IT business has minimal resources for all of that. They want "pay $, click, it works". Not a dedicated IT worker to serve all of above.

If you take say a tutor, a bassist, they don't want all that overhead. They want a platform where they can advertise their tutoring costs, a contact form and be done with it. WP isn't ideal but it works.

For someone who can host WAMP/LAMP, fine. But for the average folk, it's not. There was a reason why WP gained popularity to begin with and it was because it was easy to adapt and junior PHP developers were plentiful, just as junior python developers are now.


> If you take say a tutor, a bassist, they don't want all that overhead. They want a platform where they can advertise their tutoring costs, a contact form and be done with it. WP isn't ideal but it works.

Yeah and especially if they want to update it themselves. Wordpress makes that easy even for the non techies so the customer can do it themselves.

Of course the big Achilles heel of WordPress is the plugins and their vulnerabilities. So really you still need someone technical to keep it up to date, which is often forgotten.


Depends on what exactly you're getting out of Wordpress and what you dislike about wordpress. But Ghost, Strapi, Payload, and Craft are all really good CMS.

When it comes to e-commerce, Shopify. Or if open source and control is important to you, Saleor.


the only winning move is not to play

the funny thing is, to the vast majority of people that use WP, they won't even care if even know about all of the drama. even people that took some sort of WP bootcamp and earn a living managing other people's WP site probably are blissfully ignorant of this drama.

the people that might have some actual interest are the devs that create the various plugins/templates. but as someone else mentioned, if everything goes nuclear and everyone loses their damn minds, a more sane party can just fork the thing and call it something totally different without using the terms like "word" or "press".


There really aren't one-to-one replacements for WordPress and the whole ecosystem that comes with it.

I've actually been pretty happy with Pocketbase, though it really straddles the line of rolling your own CMS. You aren't technically writing the db wrapper or visual editor itself, but any functionality you need beyond authentication is up to you to build.


I've enjoyed GravCMS [1], another php based CMS that used markdown for its content instead of a database.

For those interested in migrating away, I wrote an exporter from WordPress to Grav [2], which, given recent events, I've pulled back out and am updating again.

[1] https://getgrav.org/ [2] https://github.com/jgonyea/wp2grav_exporter


Yeah, I also use Grav in Production in my personal website.

They are good people, but they definitely need more contributors!

What Grav lacks is momentum.


Basically any web programming stack offers a database editor/admin panel. Imagine a clean phpmyadmin with WYSIWYG editor and full/more control.

Imo it's easier to just roll a fresh rails project and use any admin gem than to write a custom theme for Wordpress


Publii (https://getpublii.com) is open source and super fast, without the need for PHP/MySQL.


I've used Vitepress for little blogs before. Git is the CMS. GitHub will even host it for free.

I cannot believe how much money people are will to pay for blog hosting.


I am pretty sure the core business of wordpress hosting services isn't blog anymore but all purpose brand/companies websites.


> feels just as fake

I suspect some of the controversy is fake. I've heard one of the previous 404 articles, alleging Wordpress training AI on self-hosted Wordpress sites, is fake according a semi-trustworthy source.

Speaking based on my gut feeling, the fact that so many low-caliber Wordpress controversy articles are all arising in quick succession seems odd to me. Some allegations seem credible, but I question to what degree they are newsworthy, given all the other scummier things corporations and institutions do these days. Perhaps now that Wordpress and Tumblr are owned by the same company, Wordpress is now seen as a more valuable target to attack.


This take is ignorant. Automattic is the one going on the offensive, nobody is "attacking" them.


The title literally made me laugh out loud. What drama! What intrigue! Can't wait to see what happens next.

Honestly, I have no horse in the race, so to speak. I think the people responsible for Wordpress code still suck because they still, in 2024, want the software itself to be able to write to where the software itself lives and runs, which is just bananas. It violates the first two rules of anything and everything on the web that I learned in the '90s:

* do not allow writing to anywhere that's executable

* do not allow execution anywhere that's writable


Indeed it's completely insane that any plugin can create a file in the site folder, and a public URL will execute it. And a site can have a dozen (or dozens in some cases) of plugins from various authors. It's a security nightmare, and I don't know of any (modern) language that allows such a situation other than PHP.


That has absolutely zero to do with PHP itself and everything with the abysmal state of Wordpress code.


Wordpress probably still enforces magic quotes which made me bail the hell out when I looked into it ten years ago.


Yea, Wordpress has always been a nightmare... But it makes things so convenient and that's what most people care about.


Isn’t that a good thing to want though? Something easy to use if you only care about content?


I mean does it matter if whether it’s a good thing to want? WordPress powers 40% of the web because it was convenient, powerful, and easy for someone with basic web skills to hack around with. The same things that people complain about today made it so popular!

Besides, read-only file systems can be used to handle massive sites that need better security (like nasa.gov). And those types sites are either writing their own plugins or heavily auditing which plugins they use.


Which is also why it is successful! You can get powerful plugins that way.

Is it much different from a windows app installer asking admin permissions then editing the registry and can plaster files anywhere.


Just chmod -w


This is just getting petty at this point. What kind of normal person or business operates this way - especially during an ongoing lawsuit.

I can't see how anybody who knows a bit about the situation would ever want to continue to be affiliated with Wordpress knowing this guy could go over the top at any moment.


I have no dog in this race, but the behavior does seem ill-advised even if you look at it through a pure legal lens. WP Engine's lawyers must be having a field day with this stuff.

Is he just totally ignoring his own lawyers? He has to be, because no lawyer who charges more than $20 an hour would tell him any of this is advisable.


Yes, very odd, since the class name for that new checkbox is even, "login-lawsuit".


He's appeared in several of related threads here on HN. He is always asked about his lawyers, and he repeatedly claims that they're cool with his behavior.


That's obviously a lie. And one of his lawyers - the fool that he is - literally confirmed it earlier today in another thread

https://news.ycombinator.com/item?id=41784343

"Despite our sometimes fervent wishes, lawyers don't control clients. We are not puppeteers"


I’m somewhat doubting that actually is his lawyer, though no one appears to be denying that it is.

It just feels so very odd. Why would Matt’s lawyer care what people say here? He doesn’t have to convince of us anything. The PR folks would like to convince us of stuff and I wouldn’t be surprised if they showed up, but why legal?

And what kind of lawyer says that about a client in an ongoing case on a public forum using an account in their own name?! It’s a level of unprofessionalism that I struggle to believe a reputable lawyer would engage in. If Matt is unreasonable to the point of needing to make a public comment, Neil should have just forced him to find new council and quit.

I’ll likely never have need for this specific type of council, but if I do there’s a brand new list of people I won’t hire with only a single name on it.


Just read the article that the guy wrote about the trademark and you'll have no choice but to conclude that he got his law degree from an internet college.


The article is also far more PR-y than I would have expected; the only law-related item is basically just a very long explanation of consideration and an assertion that what they’ve done counts as consideration. I have no idea if it does or not, but putting a lawyers name at the top doesn’t convince me it’s correct any more than if PR wrote it.

The whole thing is strange, and I can’t figure out why anyone would tie their ship to Matt in this storm. He’s a liability not just to himself, but to everyone supporting him as his antics start to reflect on his supporters. Even if people did support his position, Matt is preventing them from doing so publicly without also looking insane.


That makes me doubt it’s his lawyer. Lawyers shouldn’t publicly discuss their clients in a manner that paints them in a negative light. Fire the client first.


Matt is the GP post, there's no way he didn't see that comment, and yet he isn't chiming in to say that that isn't actually his lawyer.

Maybe photomatt is also a hacked account and real Matt just hasn't noticed yet?


> He is always asked about his lawyers, and he repeatedly claims that they're cool with his behavior.

Even there he's inconsistent. He spent a day or so talking about how his lawyer said "If you're in the right, talk all you like!", then a few days after that made an announcement about how he'd retained a lawyer just that day.


Someone claiming to be his lawyer popped into one of the threads and then played dumb about a blog post he supposedly wrote.

Hilariously bad look all around.


If I'm not mistaken both sides have hired some extremely prominent lawyers (Rachel Kassabian, Neal Katyal).


To see the requirement for the non-affilation goto https://login.wordpress.org/

EDIT (to save having a 2nd post). Looking at the HTML tags for the requirement it has the class "login-lawsuit", so guessing this is tried to the suit WPE are bringing against WordPress/Matt.

On one hand, I personally feel like Matt is trying to speed run burning all the goodwill of the wordpress project, on the other hand if you are being sued by an entity its pretty much recommended to cut ties with said entity and only deal with them via your lawyers so I can see why they would put in such a requirement.


Generally the recommendation is to freeze current ties with said entity until the court case gets worked out. By aggressively targeting the employees of said other organization, you're risking it being used against you in the ongoing court cases.

Regardless, .org and .com are claimed to be separate legal entities, so there is no lawsuit against .org. This is just an escalation out of a sense of moral righteousness.


.org is not the WordPress Foundation, it's just a domain that Matt personally owns and that is managed under the umbrella of Automattic.

Yes, it's confusing.


A previous version of the login prompt included a link to the lawsuit and this might be a remnant from that initial work.


For fun, I just tried to create an account and used WPEngine.com as my email domain.

I got the following error: "You cannot use that email address to signup. There are problems with them blocking some emails from WordPress. Please use another email provider."


If this is the actual error message, it's written very poorly. Sounds like it was written by someone frustrated with the fact that they had to write it at all, and made it up on the spot.


Is there really nobody in the Wordpress.org organization who can provide a check on this kind of behavior? Or do they really collectively share this Matt character’s attitude toward professionalism?


Wordpress is free as in owned by Matt Mullenweg. He has control of the Wordpress foundation, owns wordpress.org, etc. There aren't any adults who can put a leash on him, although I wonder WTF Automattic's board of directors is doing.


"Matt Mullenweg: 'WordPress.org just belongs to me'":

https://www.theverge.com/2024/10/4/24262232/matt-mullenweg-w...


It’s his personal website


Yeah, the WordPress foundation is just a façade to pay less taxes. If it were a true Foundation worried about its users Matt wouldn't do so much shit


Well, clearly there's someone who can provide a check box at least!


I can't speak to the merits or rightful grievances of Wordpress.org or Wordpress.com in this, but it is clear that Matt is fucking unhinged.


I've been using WordPress non-stop since 2005. I even hoped to someday work for Automattic. I applied and got through the initial process, but with a young child and a full-time job, I couldn't make time for the laborious "trial" part of the interview, so my application was put on indefinite pause. It pains me to watch this unfolding series of unforced errors. I hope WordPress survives.


There’s a thread on X here with screenshots of the WordPress Slack, where Mullenweg seems deliberately vague when people ask him what counts as “affiliated in any way”. It seems like he wants to spread Fear, Uncertainty, and Doubt about what can get you banned. People who have been asking him awkward questions in the Slack have started to get banned from there as well.

https://x.com/javiercasares/status/1843963052183433331

This is shunning, which is literally one of the hallmarks of a cult. If you are associated in any way with a suppressive person (WP Engine), you now cannot be a member of the WordPress.org community. Members of the community have to decide whether to shun WP Engine or be excommunicated themselves. He’s trying to use the community as a weapon.

It also seems a fertile ground to claim tortious interference. He’s trying to sever relationships between WP Engine and everybody they interact with.


He's not the only Wordpress contributor banned from Slack for asking questions about the checkbox:

* https://x.com/xwolf/status/1842548019289338346

* https://x.com/rmccue/status/1843967630585311595

* https://x.com/jonoalderson/status/1843985559745921046

* https://x.com/LinuxJedi/status/1843966957495939093

And from Javier's thread, Matt is gaslighting people by telling them to consult attorneys to decide the meaning of "affiliated" in a checkbox HE introduced.

Is paying for WPEngine hosting "affiliated"? https://x.com/LucP/status/1843926970763227255

Can we now agree that Matt has lost his marbles and his ego is leading him to burn the entire Wordpress ecosystem down? These are megalomaniacal and dictatorial actions.


A long-time WordPress pro friend got booted from the plugin team this morning.


Somebody should that video for Matt where slaps everyone - https://youtu.be/hHZvUeAdzeI?si=4TDBHjwCyK4BnijP


An "SEO Consultant"? You're using the word "contributor" very loosely.


Strange comment. The top WordPress plugin is focused on SEO.


Telling someone to "Please consult an attorney" when they ask if you can check the box if you pay for ACF Pro sure qualifies as inserting FUD into the ecosystem to my non-lawyer mind.

https://x.com/JavierCasares/status/1843963074904227945


I mean he already made sure his entire company were entirely yes-men who agreed with his behaviour. It's not a stretch to say he'd like to do the same with the community, especially given his actions of basically begging WPEngine to create an alternate ecosystem he is removed from. Nuts.


This is incredibly troubling; I cannot see myself ever using Wordpress going forward. It is just too risky.


What's the risk? You own the code, and you aren't pre-committed to updating to any new versions in the future. You can just take it and use it on your own forever. Many people do. What's their risk?


If Wordpress cuts off all your security updates on a whim, and you suddenly have to support that code base...uh, that's a seismic problem.


> What's the risk? You own the code, and you aren't pre-committed to updating to any new versions in the future.

This isn't a static website we're talking about — WordPress is probably one of the most attacked web software in the world given its footprint.

WordPress doesn't do LTS releases or backports either.


WordPress 3.7, which introduced automatic updates, received security backports all the way to 3.7.41. From 2013 to 2022. 4.1 and above are all still receiving them.


Doesn't WordPress officially only support the two latest minor version release though ? I can't find an official source at the moment but a quick googling seems to confirm that.


https://wordpress.org/documentation/article/supported-versio...

> The only current officially supported version is the last major release of WordPress. Previous major releases before this may or may not get security updates as serious exploits are discovered.

> …

> Security updates will be backported to older releases when possible, but there are no guarantee and no timeframe for older releases. There are no fixed period of support nor Long Term Support (LTS) version such as Ubuntu’s. None of these are safe to use, except the latest series, which is actively maintained.


I'm generally behind open source companies wanting to stop commercial freeloaders, but putting this fight in front of your users seems unhinged.

They need to take a step back. Again, I think they probably do have a trademark case, and they can set whatever rules they like for accessing their plugin repo, but this drama isn't something users appreciate.


> Last week, Mullenweg announced that he’d given Automattic employees a buyout package, and 159 employees, or roughly 8.4 percent of staff, took the offer. “I feel much lighter,” he wrote.

Wow, that's telling. 8.4% of his company decided he was acting in enough bad faith to quit without another job lined up in this economy? And he takes it as a good sign? Wow...


> 8.4% of his company decided he was acting in enough bad faith

No, they just took the offer. Some probably for that reason, some for other. You'd need to interview them to know their actual views.


And I very much doubt the other 91.6% are onboard with his actions. People just need their income.


Also if you are on a work visa you will be deported if you leave your job and don’t find anything in the couple of months after. Devastating if you’re a young family.


The offer was quite good honestly: people who left got a $30k buyout.


At least — or six months salary, which is higher (and even substantially higher) than $30k for I’d guess most people leaving


Either substantially higher or they don’t get paid enough.


I'm sure WP Engine will be happy to take them in.


Do you want antitrust investigations? Because this is how you get antitrust investigations.

Wordpress is nearly half of the Internet. There’s a pretty compelling argument that Matt is using his market power to prevent competition in violation of the Sherman act.


I mentioned this deeper in the comment chain, but WordPress the OSS software is used by a lot of people. But there are many WordPress hosting companies, so no single legal entity would come anywhere close to a monopoly.

By that logic, Linux has a monopoly on cloud web servers or something? But there’s no one company making that happen.


Thought experiment: Linus is hired by Canonical, adds Ubuntu's kernel live-patching to the kernel itself and removes kexec from the public API surface. Or we pretend it never existed in the first place, and requests and patches to add it are ignored (quite common in commercial open source).

I know there's an extra layer in the WordPress situation, because Matt personally owns wordpress.org, but he very evidently uses that position to further the goals of Automattic.

People have asked for a way to host all the wordpress.org online services themselves. There isn't even a way to configure a different endpoint. I'm sure that'll change after today, in WordPress itself, or in a fork.


Nearly half isn't enough to trigger antitrust. Especially because that nearly half is only mom and pop shops and not the ones doing the real big business. So I wouldn't be too worried about that.


Mom and pop are the consumers/victims here. And if 46% of all websites are WordPress, it’s probably likely that it has a monopoly on sites in its domain (e.g. blogging, commerce)


I don’t see how that’s even remotely possible. There are so many WP competitors it’s not even funny. Being OSS, it’s very easy to export your data from WordPress. So you could easily move from one of Matt’s hosting companies to somewhere else (or self host!) if that was important.

For competitors, on the small scale side, you have Wix/Squarespaxe/Weebly. Or just Shopify for e-commerce. For enterprise, Adobe experience manager is huge. Loads of places just write their own website and have their own CMS solution.

So no, it doesn’t even come close to having a monopoly on anything. And even if WordPress did, no individual company does. There are a huge number of different companies competing in the WordPress hosting space. Automattic doesn’t even host that much (https://w3techs.com/technologies/details/ho-automattic)


But nobody cares about blogging. At least not of the population block that not about to die off. Stories/Reels/meh are where attention is at now. Commerce? If it's not Amazon, it's nothing. After that for mom&pop shops would be Shopify/Etsy/otherNotSmallSites. Maybe FB Marketplace, Insta/TikTok type sales too. I honestly would be surprised if mom&pops are getting much from their own websites in today's world.


It's not just blogging. For example, the Whitehouse uses WordPress for its site. Nasa uses it on some of their sites as does the National Archives. On the commercial side you have The New Yorker, BBC America, Sony, Disney, Facebook and Bloomberg all using it in some capacity. There are many more of course, but that should give you an idea.

So, while you're right - online publishing doesn't have popular mindshare - it is a massive part of the online economy.

I'm not saying that qualifies WP for anti-trust investigation, but your underlying premise that WordPress is irrelevant is not congruent with reality.


I’ve worked on a good number of WordPress sites for several Very Big Companies and not one of them was a blog in any sense.

From an internal tablet tool for sales reps, to the entire help system for an MS product that got translated into iirc about 100 languages, to a shareable library of B2B solutions, I’ve not once worked on a WP project that was a blog.


It probably depends on which part of the Sherman act we are talking about.

Section 2, which covers "Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize any part of the trade or commerce [...]" has been found by courts, I believe, to require 50% market share (or sometimes more) to apply.

But section 1, which applies to "Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce [...]", does not as far as I've been able to tell have any market size threshold.


People in the Make.WordPress Slack are being banned for asking about this.


Threadreader link for anyone interested:

https://threadreaderapp.com/thread/1843963052183433331.html


Matt: "WP Engine doesn't contribute!"

Also Matt: shuts off all ways for WPEngine to contribute


Yeah, makes no sense to me.


What is going on here? I understand that open source companies have a free rider problem, and will naturally take steps to deal with that, but some of the recent activities seem… strange.

I’m thinking part of the problem is that the software itself is GPL and so is it’s ecosystem, which means that the standard next step of changing the license (followed by an inevitable fork) is infeasible.


It's not that at all. Matt wants money to flow to his commercial entity, or if they donate developers to the project, he still gets to see everything about their books. It's an invasive agreement designed to give his commercial entity a competitive advantage.


And work of the WP Engine developers would be directed by Wordpress.org, which is just Matt, not the foundation.

From https://automattic.com/2024/wp-engine-term-sheet.pdf:

Fee. In exchange for the License Grant, WP Engine shall do one of the following:

(a) Pay Automattic a royalty fee equal to 8% of its Gross Revenue on a monthly basis, within fifteen days of the end of each month. "Gross Revenue" means all revenue generated by WP Engine from the sale of its services, calculated without deductions for taxes, refunds, or other costs. WP Engine will also provide Automattic a detailed monthly report of its Gross Revenue within fifteen days of the close of each calendar month, including a product line breakdown of all revenues generated. Automattic will have full audit rights.

(b) Commit 8% of its revenue in the form of salaries of WP Engine employees working on WordPress core features and functionality to be directed by WordPress.org. WP Engine will provide Automattic a detailed monthly report demonstrating its fulfillment of this commitment. WordPress.org and Automattic will have full audit rights, including access to employee records and time-tracking.

(c) Some combination of the above two options.


> access to employee records and time-tracking

I’ve seen subsidies where hourly totals are required ‘employee records’?

Why does money go to Automattic instead of the Foundation?


> Why does money go to Automattic instead of the Foundation?

Matt wants Automattic to get the money and he controls both of them.


Absolute madness.


I don't even think this is about money anymore. Matt may have started this cruzade for money, but at this point is just pettiness and refusal to backpedal.


> It's an invasive agreement designed to give his commercial entity a competitive advantage.

Given how much they sunk into the boat anchor that is Tumblr, and how well Tumblr is doing right now, I'm not surprised they need any competitive advantage they can get.


I hope people take this chance to look elsewhere and stop using WP. Its code base is madness and people are only willing to work with it because some plugins keep it alive.


This is top tier cringe from the automattic team.


I have no horse in this race, my site is powered by Kirby CMS due to my preference for simplicity and security.

Wordpress seems like the dying Emperor in 40k where the daily sacrifice of thousands of psykers (developers) is the only thing sustaining its life.

If this drama craters the developer base then Wordpress might collapse under its own weight.


Wow, might be time to fork the project.



project was forked a while back in a semi-big way (classicPress) and I was super excited about it.

Some years later I believe the story I saw said that they had less than $200 / month being donated to the project to keep it going.

Now I LOVE the idea of a wordpress minus gutenberg, with all the code quality and security updates and modern themes and plugins all working together..

Do I think this is legit going to be sustainable with hardly anyone chipping in time and money - well, for an open source hobby site, $200 a year put into security might be fine..

Some of the more important websites using wordpress as a backend might want to rethink all of that.

Which is funny, because essentially that is what Matt is saying in the first place - for those who profit from it and can afford to, please donate so we can keep on keeping on.


A WordPress fork without Gutenberg doesn't really work as an alternative for sites built in the last five years or so.


I'd like you to expand on reasons for this? I can think of a few for some cases..

However I have around 50 websites or so that are running just fine without Gutenberg.. and if you count the number of updates WP and plugins and themes have rolled out since Gutenberg and multiple that by 50, most of these updates have been an annoying use of time.

That being said, Gutenberg stuff today is pretty mature and I do recommend it and use it projects launched post 2024, partially because it's mature at this point, but not insignificantly because it is built into core.

I railed long ago that Matt and co should develop Gutenberg, but do it as an optional add-in.

I would still build sites today without it if it wasn't baked into core..

altough I will say that as of today, core gutenberg and default theme with FSE is a fine way to build,

it's different in many ways, sometimes confusing especially for those who are not used to navigating around FSE differently - but it can be decent to look at on the front end with default tools, and it's lean as far as size and page speed / load time (comparatively speaking).

But depending on the use case, and what tooling one may already have at hand, I still feel it could be fine to build without Gutenberg completely.. astra / spectra and stuff from brainstorm force for example would be decent to build with the past few years with not guten needed..

other page builders like siteorigin's were already doing most the things without the delays in development, and removal of standard long standing features like the menus screen and hiding the custom css option..


As you said Gutenberg (and now FSE) are in core and the default for developing and authoring WordPress sites. For ClassicPress to be an alternative, you would've had to have intentionally veered from what WordPress gave you.

Sure, some sites may have chosen to use a site builder or Classic Editor with ACF, but those that didn't are left out in the cold by ClassicPress's decisions.


It may not be apparent now, but I believe the main point of classic press was that so many people did not want Gutenberg and they were forcing it in anyway - that classicPress - the whole point of the project is to build with gutenberg and not have the bloat 'from what WordPress gave you'

I don't think it's just 'some sites' choosing to use other builders and reject Gutenberg. the plugin repo shows that the 'classic editor' plugin has over 10 million active installations.

(classic editor removes gutenberg from the backend screens) - so it's not being left out in the cold, it's keeping things running fine without Gutenbloat.

So there was/is a huge need for ClassicPress - it's just that there is an easier way to get a very similar result with WordPress and that is install an extra plugin to remove the 'new plugin' of Gutengerg -

and since it's so easy to get back the functionality with a few clicks, may people are leaving many websites without the performance boost of leaner WP and getting the same classic backend..

If autaomattic had not put the classic editor in the repo, many more would of sought out the fork and classicPress would be dealing with more than 10 million sites relying on it.

This has been a pretty big issue for some time now, and only very recently would I start to lean into Gutenberg being a mature enough replacement that I start to advocate for it's use.

But really there is no need for it - if you wanted a page builder years ago there were plenty, and still are.

The great thing about it has been the pulling in other aspects like performance issues and reusable styles and such - so it has helped make WP better in other areas along the way, so now I am okay with it.

Being left out in the cold without Guten just means a leaner site that loads faster unless you get into elementor or some other heavy bloatware to have click/drag GUI - but it's not the only option now or back then.

Today, it's fine either way.


WPE is the most profitable business in the WordPress space, and they haven't changed a single line of code in WordPress or so much as contributed a dime. So if you're eager to volunteer to be their free labor, be my guest.


That is absolutely and factually incorrect.

Several of the most popular plugins are maintained by WPEngine.

WPEngine donates/sponsors hundreds of thousands of dollars a year to WordPress community events. Indeed, the convention where Matt went "nuclear" was sponsored by WPE to the tune of $75,000 (and despite these all being supposedly independent entities, somehow WPE was banned from attending by the Foundation. No refund, though).

> So if you're eager to volunteer to be their free labor, be my guest.

Matt is demanding that WPE provide his for-profit company, Automattic, free labor, to be directed as Automattic see fit. Not the Foundation, not the open source project.


I bet you those are sales / networking events and a WordPress software developer wasn't invited to a single one.


You'd be entirely wrong, then. That event was WordCamp, "the largest annual gathering in the U.S. of WordPress users", an event started by Matt Mullenweg:

> WordCamps come in all different flavors, based on the local communities that produce them, but in general, WordCamps include sessions on how to use WordPress more effectively, beginning plugin and theme development, advanced techniques, security, etc. To get an idea of the types of sessions typically seen at WordCamps, check out the WordCamp channel at WordPress.tv.


Maybe I'm missing something here, but isn't Wordpress open source? WPE is under no obligation to contribute source code or money. If WP is unhappy with the outcome, they should have released their product under a different license.


I'd argue there is a moral obligation to support open source projects if you rely on them as a cornerstone of your business. However it's not a legal one.

Open source is based on idealistic and community based mindset and modern tech is now based around extracting the dollars. The two aren't really compatible and it's really quite sad to see.

That being said this the most stupid way to go about it.


I'd argue there is an even greater moral obligation to honor what your contracts say and don't say, and thus keep your word. Doing what you say is pretty key to the concept of integrity, which outweighs Matt's driving desire for more money.

The moral obligation to not screw over a million innocent users also outweighs Matt's driving desire for more money.


I agree. If Matt was smart, he would have spent the last ten years maintaining his advantage rather than ignoring the problem. Now that he's backed into a corner and forced to get real nasty to survive, I can't believe how much tech people are falling over themselves to shill for the slimy salesman organization. Only tech is like this. Folks like union workers would lay down their lives before crossing a picket line. But the concept of solidarity is completely lost on tech workers. No one turns against their own like us.


How would you feel about Google if they used things like Linux and never contributed anything to open source? As the most profitable entity in the WordPress space, WPE has a duty to give something back. What Matt is asking for isn't unreasonable.


When Google contribute to open source, they often do it to scratch their own itch. That's how most open source organizations works. What Automattic wants from WPE as laid outs in their term sheet is to dictate what WPE contributes and audit their accounting. Not exactly on the same playing field as other corporate contributions to open source projects. Not to mention the non-forking clause.

Maybe setting up a proper independent governance of the WordPress project would encourage more independent contributions.


That’s the point of the license WordPress is developed under - WPE, in fact, does not have a duty to give anything back.


I would hope Google would help out, but I would also realize that it's ultimately their own choice if the license allows them to use it without donating time/money.


I wouldn’t mind because that’s what Linux agreed to when they chose the GPL route.


WP.org should add this to their license then:

>"it's free but only until the project owners deem you too successful and then you'll have to pay 8% of your revenues to support the project".

https://world.hey.com/dhh/automattic-is-doing-open-source-di...


I am very erratic on agreement with DHH's screeds, but this one hits the mark.

Among all the more visible issues with this whole situation, he calls out a few things that I think need more awareness:

1. Matt decries Private Equity as leeches and freeloaders on free software, open source, and their community.

2. Automattic invested in WPE in the early days. In fact, Silver Lake, the PE firm that owns WPE, bought Automattic's share! Automattic sold to PE.

3. The WP Foundation has three members, two of whom show any sign of activity: Matt himself, and another person that Matt personally appointed who is... drum roll... the Managing Partner of a Private Equity firm.

Somewhat ironic for someone who shit talks their competitors and Private Equity so vocally.


How we feel matters not, the license does. Before and after Google there is Linux. Same for Matt and this CMS lineage


Of course it is unreasonable.

He chose to use an open source license and benefit from all that open source entails.

You can’t turn around and ignore the terms of the license just because it doesn’t suit you.


Wordpress itself is a fork, so they had to keep the license


Yeah, that's unfortunate, but... how many companies contribute back to Next? React? Node? PHP? Postgres? Linux?

They don't get secretly blackmailed and publicly shamed for failure to do so. There are a lot of other WP hosts too (Pantheon, Cloudways, etc.) and they also don't get this same treatment, unless they all silently paid up and we just didn't know...?

Sure, there's a gentleman's understanding that companies with resources should contribute back to the projects they use, but it's not a hard and fast moral or legal code.

It's disturbing and frankly terrifying for all downstream WordPress companies and users for Matt to blow this so out of proportion to the actual crime of "failing to contribute back to open source", which so many of us are guilty of every single day.


Down with rent-seeking!

If a 'company' is just digital landlordism it's not surprising makers don't want to subsidize your free ride...


Hitherto unexplored realms of petty.


“WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it"

Does anyone know what the context about this is? What did WP-Engine change which Matt disliked?

As I understand they were disabling page revision history (but would enable it if you asked) and only because they had some other proprietary to wp-engine method of versioning and rollbacks but this seems like a massive overreaction to that.


It's about revision history, as Matt laid out here: https://wordpress.org/news/2024/09/wp-engine/

However, disabling revision history is a setting offered as part of WordPress: https://wordpress.org/documentation/article/revisions/#revis...

I'd argue that WordPress.com, the paid hosting platform that Automattic operates, is more of a "hacked up, bastardized simulacra of WordPress’s GPL code". By default you can only load a subset of themes or plugins and only if you choose the Business plan or higher. This seems like a bigger issue than having revisions turned off with a WordPress-provided setting.

It also seems a bit rich to be offering a product using the GPL license and then being upset that people make changes to it?


Its not about revision history. That's just one of 429 contradictory reasons that matt has given for why he's doing this. Dont take ANYTHING that guy says at face value - he's a psychopath

Youre absolutely right though - WP dot com is by far the worst offender of his own standards.


Revision history is the only fig leaf here though about wp-engine being "bastardized wordpress" ?

I suppose I understand the argument about wp-engine using significant wordpress.org resources has some merit (but is entirely unrelated to the bastardization argument) if wp-engine is just fetching things like wordpress updates and plugin lists and plugin updates, etc, all directly from wordpress.org servers on a per-blog basis but I find it hard to believe that wp-engine doesn't cache or have their own layer for that.


at some point the disagreement about revision history will be settled through revisionist history


Honestly this seems like Matt just wants WP Engine to give him a ton of money, and when they refused his extortion he threw a temper tantrum and abused his dual lead as head of Wordpress.com (the commercial wordpress) and Wordpress.org (the supposedly independent foundation). The lawsuit that WPEngine filed against Automatic and Matt specifically is a hell of a read.

https://wpengine.com/wp-content/uploads/2024/10/Complaint-WP...


The foundation isn't even 'wordpress.org', it's 'wordpressfoundation.org'. The 'wordpress.org' site is wholly owned and managed by Matt (using Automatic resources from what he's said).

So, it's not just his dual role, it's his triple role.


Per https://wordpress.org/news/2024/09/wp-engine-banned/ and https://x.com/photomatt/status/1838502185879167069

I believe that WPEngine disabling the admin news feed that displayed his posts directly to WPEngine's customers was the tipping point for calling it a hacked up, bastardized simulacra


That was after he made a personal post hating on WPEngine show up on all dashboard of all WPEngine customers.

I read the revisions are often turned off as they cause major issues with database performance. It is a standard feature of wordpress too but them turning it off by default triggered matt


I run a couple of WP instances on a shared hosting service (not WPEngine), and honestly I have no need for the admin news feed. If I knew how to turn it off I would.

That is a weird thing to get upset about.


Is it? I don't know Matt, but it sounds just like Musk forcing his feeds to the top of everyone, or everyone forced to being Tom's friend.


I think the key difference is that Twitter or MySpace wasn't GPL software. Matt is complaining that someone modified "his" GPL software, as the license he's using grants them the privilege to do.


I was referring to the admin news portion being forced upon everyone, not the state of code availability


WordPress doesn't like products/orgs that offer services related to WordPress using "WP" in their name to imply affiliation with WordPress. WordPress has recently updated their terms of use to reflect this.

Matt is also on record criticizing WP Engine for never having donated to the WordPress Foundation.

This is all coming to light after the breakdown of licensing negotiations between Automattic and WPEngine

EDIT: https://www.therepository.email/mullenweg-threatens-corporat...


> WordPress has recently updated their terms of use to reflect this.

That’s… a very odd way of portraying this.

The policy, for like a decade, was:

“The abbreviation “WP” is not covered by the WordPress trademarks and you are free to use it in any way you see fit.”

https://www.reddit.com/r/Wordpress/comments/1foknoq/the_word...


Sure, allow me to clarify.

Matt voices a number of grievances including WP Engine's changes to WordPress, their use of the term "WP", their donation/sponsorships, and more. At first glance they all seem a bit silly.

The important context, in my opinion, is that this comes after the breakdown of a licensing agreement between WP Engine and Automattic, an agreement that would've seen tens of millions of dollars paid to Automattic by WP Engine for a license that WP Engine does not think they need.

To put a point on it, none of the things WP Engine is accused of doing were problematic before the breakdown of licensing negotiations or the filing of WP Engine's lawsuit.


But they explicitly say, and have for years, that “WP” can be used by anyone for any purpose.

You can’t turn around and try to enforce that.


>But they explicitly say, and have for years, that “WP” can be used by anyone for any purpose.

>You can’t turn around and try to enforce that.

I'm not sure what you mean. WordPress is quite clearly turning around and trying to enforce that.

It's a shakedown, the whole point is to force WP Engine back into licensing talks. A bulletproof legal foundation isn't necessary, just a legitimate complaint that can force WP Engine into court.


This is a bit of after the fact complaining. Matt invested in WPEngine for many years and it was a-okay then for them to use WP, and in fact WP's own terms said WP was a free to use term for everyone. That was only changed when the legal squabbles started.

The main legal issues are around using "WordPress" and "WooCommerce"


> Matt is also on record criticizing WP Engine for never having donated to the WordPress Foundation.

Donate, perhaps. Sponsor? The Foundation event where Matt "went nuclear" last month was sponsored by WP Engine to the tune of $75,000. And was one of many donations this year.

(Adding insult to injury, the "independent" Foundation banned WP Engine from attending the event they were sponsoring... because they were in dispute with Automattic.)


There's a difference between sponsoring an event and donating to the operations of the core project. I know nothing about the specifics on the event, but I've done events where $75,000 would almost cover the cost of the stage. I've also seen events where the cost of the event was covered by sponsors many times over.


The foundation doesn't even contribute to core development anyway. Check out their yearly financial reports. In Matt's world, the only 'donation' that would directly support development would be to the commercial entity Automatic who is a direct competitor.


There is. But Matt's BS "They've done nothing for WordPress but leech and freeload and give back nothing to the community" is patently false.

Don't even start me on how "President of the WordPress Foundation, Matt Mullenweg", accepted their sponsorship check and then disinvited them from the event because they were in a conflict with "President of Automattic, Matt Mullenweg", and wouldn't even return the sponsorship check. In essence, if nothing else, that makes it a donation, because they sponsored the event, but got nothing for their sponsorship except knowing they... uhh... contributed to the community.


Matt really wants to dig himself into a deeper and deeper hole, huh?

There’s still something entertaining to this for sure, but it also hurts so much. Wordpress used to be a respectable project, Automattic a respectable company and Matt a respectable person. Maybe it was too good to last.

The only way any of this (already serve) damage can somewhat be undone is Matt stepping back (as a sudden change of mind seems unlikely). Please don’t keep making it worse.


> There’s still something entertaining to this for sure, but it also hurts so much. Wordpress used to be a respectable project, Automattic a respectable company and Matt a respectable person. Maybe it was too good to last.

This was a mask off moment, but he's always been like this. He had a similar blow up in February when he harassed trans users on Tumblr (https://mashable.com/article/tumblr-transphobia-matt-mullenw...) (https://deadsimpletech.com/blog/told_you_so).


The expectation: https://www.youtube.com/watch?v=3OR_D2EEPS4

The reality: https://i.redd.it/asjc0wtjarkc1.png

Basically, Matt was in the right that time.


Looks like the word "denounce" is not used in the right sense here, at least based on what I know, and on a quick google, although it may have another meaning that matches what was intended by the writer of the article.

https://dictionary.cambridge.org/dictionary/english/denounce


> The checkbox on the login page for WordPress.org asks users to confirm, “I am not affiliated with WP Engine in any way, financially or otherwise.”

I think the word "disavow" is almost a perfect fit here, as in "the logon page requires users to disavow WP Engine".

> [Disavow:] to say that you know nothing about something, or that you have no responsibility for or connection with something

https://dictionary.cambridge.org/dictionary/english/disavow



Closer, but--since were already in nerdy nitpick mode here--"renounce" is like "quit" and suggests a distinct change of states. Many users will be technically incapable of "renouncing" WP Engine because they were never linked to it in the first place.


I’m a fan of “repudiate”. It’s got heft to it, like an antique pocket watch.


It does have a nice gravitas to it, however I think "repudiating something" suggests a kind of vocal and intentional opposition, as opposed to allowing for a kind of disinterested neutrality.

While Wordpress.org would probably like its visitors to oppose or criticize WP Engine, you don't have to do that to get past the logon page, being uninvolved is sufficient.


Should be "renounce" presumably.


What. The. Hell.

Just to get this straight. If you are in the business of creating websites for clients, and most of them are hosted on Wordpress.com, but a few are hosted on WPEngine, you are now forced to no longer use Wordpress.org and can't participate in the community?

Our company website is hosted on WPEngine, and has been there for years because we don't really touch it much. I literally log in once a year or so. The idea that because of this, I am barred from logging in to Wordpress.org is offensive and disgusting.

I really don't have much of a dog in this fight, I'm a lightweight customer of WPEngine but barely interact with it so don't care much. All I know is - I'll never, ever agree to work with Wordpress again.


Can't you choose either way (check or not) without any repercussions? I would think that you do considering Matt's answer "I can't decide it for you [whether or not you are affiliated]".


Try it.

"Please check this box if you want to proceed."


If you check it despite being affiliated, are there any potential complications that could arise?


So what happens if you are not affiliated when you log in while also clicking the "remember me" option, but later become affiliated? Seems like there's a loophole available for those inclined in being subversive


I would go further than that - does this checkbox serve any real function, or is it just dead code / no-op? Are there any repercussions for lying?


Is anyone working on a Wordpress clone? I've always hated the wordpress codebase and especially the react editor. I think a successful clone would be API equivalent so existing plugins can be used.


Ridiculously petty. I genuinely wonder how the fuck Matt and Automattics lawyers are gonna argue him out of this shit, because this is pretty much just giving free arguments to your opposition when it comes to arguing that Automattic is self-dealing.


They've already made their argument: WordPress.org has nothing to do with WordPress, Automattic or the WordPress Foundation. It's owned and operated by Matt privately solely out of the kindness of his heart and his love for open-source.


Who is paying the WP.org hosting bills? Is that coming from Matt? The Foundation? Automatic?


Ignoring direct monetary costs, if WordPress.org is wholly owned by Matt (not Automattic) and he's directing Automattic resources to maintain the site, is that not some kind of violation of fiduciary duty to Automattic? He's using company resources to maintain a personal project.


Decades ago Automattic was shopping around for webhosting space and talked to the company I worked at. I feel like I dodged a bullet long ago with this.


Entertaining. Tripling down on a bad decision. Mans mad.



Email the mods a link to your comment and they'll make it right; otherwise they may never see it.


I spoke to matt and he seemed nice enough to me so for me its weird to see such a radical stance from him on something like this


I'm sorry. His facial expressions and ways he answers questions paint a very shady picture when he talks on this topic.


Nailed it - his body language is a) never normal and b) never agrees with what he's saying. He's trying to look innocent, folksy etc..., but he cant handle the dissonance.


He sounds like a multi faceted person to me


Everybody sounds insane when they let themselves get involved in internet flame wars.


He's the Elon Musk of PHP.


Similar to that post on WordPress.org, WordPress is not PHP.


McCarthyism for the blogging generation.


Is this login mechanism also used for publishing plugin updates? Does that mean the plugins can no longer distribute security updates on the .org repository unless they declare no affiliation with WP Engine?


Too much for calling "a software foundation". That behaviour is damaging for the whole open source community.


Wow that's petty.


Hacker news is overloading the website. It now returns 429


Classic


Turning everything into an ideological battle is so exhausting, why is crap like this still happening.


This is pretty childish. But also, unfortunately, probably required by some legal team.


But why is this all blowing up now ?

Private equity (SilverLake) bought WP Engine in 2018 and presumably the company has not been paying a trademark licensing fee far longer.

[1] https://ma.tt/2024/09/wordpress-engine/


This is a great test to see if there is an actual WordPress open source contributor community beyond Automattic.

If no viable fork of WordPress arises out of this drama then it just goes to show that it is actually a product fully controlled by Automattic and WordPress.com and everyone else involved is just spineless with no real power or contribution.

When a single identity can dictate terms of an open source product with no genuine conversation or compromise, then it may as well be a closed source commercial product.


> “WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it,

That just reads like petty tyrantry to me. Stop me if I'm wrong here but isn't wordpress itself just some PHP on top of a database? The value that he's gatekeeping here is actually the contributions of _other open source developers_?

Stop me if I'm wrong but isn't this the pot calling the kettle black?


By his logic, WordPress itself, being a fork, is bastardized version of the original.


Technically, Facebook is just some PHP on top of a database :)


Yep. And the value they have is _your data_. It'd be a similar situation if Zuckerberg was playing "fealty games" with who could and couldn't get an API key.


what a bunch of freaking babies. very glad i never invested heavily in that ecosystem.

how to get me never to recommend or use your software or services ever again, 101

get fucked, wordpress


i would choose different words, but hell yes! all the years "open" source


I fully expect a WPE-backed fork before anything is in court.


They won't need to fork WP itself (though they're totally free to do that, WP started as a fork after all), but it sounds like they may need to quickly focus on creating their own plugin and theme marketplaces, and other services that WordPress.org provided to WordPress CMS users but is not denying to WPEngine.

Let this be a lesson to all of us - if you rely on a service provided by another organization external to your organization, get an SLA! Get a contract that guarantees you the provision of services you depend on.


> if you rely on a service provided by another organization external to your organization, get an SLA! Get a contract that guarantees you the provision of services you depend on.

Getting "takers" to pay for SLAs/licences is pretty much what Automattic or whoever's behind WordPress dot org wants.


The whole divergence of this kerfuffle into the resource usage of WPE hosted WP sites against the WP.org site is a distraction and an ex post facto justification. Matt got twisted when WPE wouldn't pay Automatic and is lashing out. If he wanted them to cover costs for WP.org, that would have been a totally different conversation.

Even crying foul over WP.org costs is disingenuous though. It's not WPE consuming the resources, it's the sites they host for customers. It'd be like Matt demanding 8% of AWS revenue because so many sites are hosted by them and accessing WP.org resources. Simply collecting the hosting of multiple WP sites under one provider should in no way obligated the provider directly. Either it's a freely accessable resource for WP sites or it's not. It should not be subject to the whims of a single person and used as a tool in their personal crusade.

Given that it's clear that WP.org is not actually a freely available resource, it's imperative that the WP codebase be adjusted to not use that resource anymore.

As I've said in most of my posts on this, I'm not involved in the WP world and have no ties to any party to this debacle.


Petulant.


cold.


[flagged]


> I can see many reasons to deploy such a thing

Care to share?


Could be advice from a legal counsel to limit access since they have filed a suit against you?

I imagine if I had a company that asked someone to chip to help cover bandwidth and server resources, and they refused to pony up, I would say you are going to be limited in your access - and this would be another way to limit it.

If someone setup a system to steal all youtube videos and republish them, would it be reasonable for Google to add a captcha and demand that they not use thier bandwidth or content in way they don't like? Would it be cool to have a login system similar if detected?

This is more about access to a site and those servers than it is about being able to clone and use WP code imho.


Is it mandatory to check it to login? The default is unchecked. I doubt normal users would check it unless they are forced to.


It is mandatory, and one of the CSS classes used is "login-lawsuit." Incredibly unprofessional, I would be mortified to push something like that into production.





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: