The conflict between WordPress and WP Engine over the Advanced Custom Fields (ACF) plug-in has escalated into a bitter battle that is causing confusion among users and potential security risks. The dispute arose after Matt Mullenweg, founder of WordPress, decided to fork ACF into a new version called Secure Content Fields (SCF) and cut off WP Engine’s access to WordPress.org’s update servers.

Following the fork, sites using the free version of ACF with auto-updates enabled will automatically switch to SCF and receive updates through WordPress.org. Those who wish to remain on ACF and receive updates from WP Engine will need to install an alternate update mechanism provided by the vendor. Paid ACF customers will continue to receive updates directly from WP Engine without any changes.

Mullenweg’s decision to fork ACF came after launching scathing attacks on WP Engine, accusing the company of profiting off the open-source model while giving little back to the community. He demanded a trademark license from WP Engine and banned the company from accessing WordPress.org resources. WPE retaliated by filing a lawsuit against Automattic and Mullenweg, citing abuse of power, extortion, and greed.

The ACF team at WP Engine argued that Mullenweg’s actions violated open-source guidelines and set a troubling precedent. They dismissed his claims about the plug-in’s security and stated that the decision to fork ACF was inconsistent with open-source values. They urged organizations using the free version of ACF to download a specific version from Advanced Custom Fields to continue receiving approved updates.

The field chief technology officer for SlashNext Email Security, Stephen Kowski, warned of potential user confusion and migration work due to the conflict between WordPress and WP Engine. Automatic updates could lead to unsuspecting transitions to the new Secure Custom Fields plug-in, causing uncertainty among users. Kowski emphasized the importance of users conducting due diligence to choose between WP Engine’s original ACF plug-in and WordPress’ forked version, Secure Custom Fields.

Kowski also raised concerns about potential security risks associated with the update process, as users may not be aware of the changes or fail to transition properly to the new plug-in. He advised users to exercise caution and carefully evaluate the plug-ins they use to ensure they are getting updates from trusted sources.

Overall, the ongoing dispute between WordPress and WP Engine over the ACF plug-in has created a complex situation for users, highlighting the challenges and risks involved in managing open-source software. It remains to be seen how the conflict will unfold and what implications it will have for organizations using the plug-in in the future.

Link na izvor