WordPress.org Forks WP Engine Plugin to Address Security and Commercial Issues

WordPress.org Launches Secure Custom Fields: A Fork of Advanced Custom Fields

In a significant move for the WordPress community, WordPress.org has officially introduced a fork of the popular Advanced Custom Fields (ACF) plugin. This new version, aptly named Secure Custom Fields, aims to eliminate commercial upsells and address a critical security issue, as revealed by WordPress co-founder and Automattic CEO Matt Mullenweg.

Background of the Update

The announcement regarding Secure Custom Fields came following WP Engine's lawsuit against Mullenweg and Automattic. While the specific security vulnerability has not been detailed, Mullenweg referenced "point 18 of the plugin directory guidelines," which empowers the WordPress team to act in the best interest of the community, including modifying plugins without developer consent when necessary.

Details of the Fork

Mullenweg highlighted that this update is a "minimal" intervention with a primary focus on improving security, ensuring that users can continue to take advantage of custom fields in WordPress without the interference of unwanted commercial tactics.

Previous Situations and Unique Challenges

While instances of plugin adaptations are not uncommon, the magnitude of this incident is unprecedented. Mullenweg noted that the recent legal actions taken by WP Engine have created a unique situation, and he does not foresee similar occurrences affecting other plugins in the ecosystem.

WP Engine's Stance

In response, WP Engine's ACF team has publicly asserted on X (formerly Twitter) that WordPress has never before removed a plugin from its creator without consent. They have provided guidance for those who are not users of WP Engine, Flywheel, or ACF Pro to download the genuine 6.3.8 version of the plugin directly from the ACF website, ensuring they can continue to access updates.

What Secure Custom Fields Offers

The original ACF plugin was designed to empower website creators by providing custom field functionality when the standard options did not meet their needs. Although WordPress does have native custom fields, ACF significantly enhances this feature with a user-friendly interface, making advanced customizations much simpler.

Conclusion

As the dust settles from these developments, it remains to be seen how the community will embrace Secure Custom Fields. The ongoing legal challenges may also shape future interactions between plugin developers and major players within the WordPress ecosystem.

For More Information

For those interested in exploring the changes or needing assistance with the Secure Custom Fields plugin, please refer to the official WordPress documentation or the plugin's dedicated support channels.

Stay tuned for further updates as we continue to monitor this evolving situation!