Month in WordPress: September 2024

On September 21st, during WordCamp, Matt Mullenweg, CEO of Automattic (WordPress.com, WooCommerce, JetPack, and more) and the WordPress Foundation, publicly criticized WP Engine for using "WP" without proper trademark licensing:

"Their branding, marketing, advertising, and entire promise to customers is that they’re giving you WordPress, but they’re not. And they're profiting off of the confusion. WP Engine needs a trademark license to continue their business."

Mullenweg elaborated, "We offered WP Engine the option of how to pay their fair share: either pay a direct licensing fee, or make in-kind contributions to the open-source project."

This statement opened a Pandora’s box, bringing to light issues that have seemingly been simmering behind the scenes for years. WP Engine’s response to Mullenweg's claims came swiftly and assertively.

In retaliation, WP Engine initiated legal action against Automattic, accusing Mullenweg of tarnishing their reputation and business. Their statement was sharp:

"Mr. Mullenweg’s statements reflect a clear abuse of his conflicting roles as both the Director of the non-profit WordPress Foundation and the CEO of for-profit businesses that compete with WP Engine. His demand for WP Engine to hand over tens of millions to Automattic, all while posing as a protector of the WordPress community, is disgraceful."

For the trademark issue, WP Engine firmly rejected Mullenweg's claims. They argued that his accusations were baseless and showed a "profound misunderstanding" of both trademark law and the WordPress Foundation’s own policy.

WP Engine pointed out that their use of "WP" is explicitly allowed by the Foundation’s trademark guidelines, which state: “The abbreviation ‘WP’ is not covered by the WordPress trademarks and can be used freely.”

They further emphasized that their use of the WordPress name has always been compliant with trademark law and has been standard practice for over a decade, just like many other companies within the WordPress ecosystem.

On September 25th, Mullenweg took further action by blocking WP Engine and its customers from updating or installing plugins and themes via WP Admin, effectively locking them out of WordPress.org’s resources:

What I will tell you is that, pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.

WP Engine appeared unprepared for the sudden action and did not have a workaround in place for mirroring the repositories. They informed their customers that, until the issue was resolved, they would need to manage plugin and theme installations and updates manually.

By September 27th, the ban was temporarily lifted until October 1st, providing WP Engine with a month to set up their own mirrors of WordPress.org’s resources. Mullenweg commented:

We have lifted the blocks of their servers from accessing ours until October 1, UTC 00:00. Hopefully, this gives them time to spin up their mirrors of WordPress.org’s resources, which they were using for free while not paying and making legal threats.

Interestingly, Automattic itself once invested in WP Engine back in 2011, at which time there were no apparent concerns about trademark misuse. The sudden escalation in 2024, therefore, comes as a surprise to many in the community.

The WordPress community's response to the conflict has been overwhelmingly negative. Many users are concerned that this battle between two industry giants could harm the broader ecosystem.

While some feel it is reasonable for companies profiting from WordPress to contribute more to its development, others are frustrated by the suddenness of the decision and the lack of transparency. The abrupt nature of these actions, taken without prior public discussion, has left many users and businesses in a difficult position.

E.g. Joost de Valk, a co-founder of Yoast, shared his thoughts and suggested creating a WordPress Contributor Board, that will discuss the roadmap and future of WordPress publicly:

We need to find a way to have a group of people who represent the community and the contributing corporations. Just like in a democracy. Because, after all, isn’t WordPress all about democratizing?

Now I don’t mean to say that Matt should no longer be project leader. I just think that we should more transparently discuss with a “board” of some sorts, about the roadmap and the future of WordPress as many people and companies depend on it.

With such a group, we could also discuss how to better highlight companies that are contributing and how to encourage others to do so.

Although it may not be immediately clear from the previous chapter, the ACF team, as part of WP Engine, can no longer release new updates for the free version of the plugin on the WordPress repository.

To continue receiving automatic updates, you'll need to download the latest ACF release from the official ACF website. This version is connected to ACF's new update servers, as outlined in their article.

WordPress 6.7 is scheduled for release on November 12th, 2024, and introduces significant updates alongside refinement of existing features. One of the highlights is the new default theme, Twenty Twenty-Five, which aims to cater to a wide range of bloggers, from personal bloggers to complex news sites.

Another major feature is the ability to zoom out while composing content, particularly when working with patterns, offering a more streamlined way to interact with and edit pages. Additionally, the Template Registration API is introduced to simplify the process for plugins that register templates, making it easier for developers to extend WordPress functionality.

This release focuses heavily on improving the user experience through enhancements to key features like the Query Loop block and media handling. For instance, WordPress 6.7 will support HEIC image uploads and background images for all blocks with global styling capabilities.

There are also updates to design tools, including more block customization options, such as shadow and border supports. The overall goal is to make WordPress more intuitive, customizable, and powerful for both end-users and developers.

On the technical side, WordPress 6.7 continues to expand its API offerings, with improvements to the Preview Options API, Interactivity API, and the HTML API. These updates aim to enhance flexibility for developers while maintaining performance and stability. The release also includes efforts to ensure better support for PHP 8.x by removing outdated code.

Starting October 1, 2024, WordPress.org will require plugin and theme authors to enable two-factor authentication (2FA) to enhance security. This new requirement aims to protect accounts with commit access, which have the ability to push updates to plugins and themes used by millions.

In addition to 2FA, WordPress.org will introduce SVN-specific passwords to further safeguard account credentials. These passwords will replace the main user account password for committing changes, ensuring an extra layer of security.

Authors are encouraged to configure 2FA and generate an SVN password via their WordPress.org profile.

Automatic is starting a major project to migrate Tumblr's backend to WordPress, while keeping Tumblr’s unique experience intact. The goal is not to transform Tumblr into WordPress but to leverage WordPress infrastructure to improve both platforms.

Note: Automattic acquired Tumblr in 2019, marking the company’s biggest acquisition at the time.

FYI: Tumblr is a microblogging platform where users share multimedia content like text, images, videos, and GIFs, focusing on creativity and self-expression. Unlike Facebook, which centers on profiles and social connections, Tumblr is more about following blogs and sharing interests. Users can reblog (similar to sharing), customize their blogs with themes, and interact with posts through likes and comments.

This migration will streamline cross-platform development, allowing features to be shared between Tumblr and WordPress. Although the task of migrating Tumblr’s vast network of blogs is complex, Automattic is determined to succeed.

According to Nick Weisser of Openstream, this migration could significantly boost WordPress's market share from around 43% to over 60%.

To support compliance with the upcoming Cyber Resilience Act (CRA), Patchstack has introduced a managed Vulnerability Disclosure Program (VDP) platform, available to all open-source projects on WordPress and WooCommerce.

FYI: The Cyber Resilience Act (CRA) introduced obligatory software support and vulnerability disclosure guidelines for all commercial software with users in the European Union. The law is expected to be passed in Q4 2024.

The Pathstack VDP platform simplifies the process for developers by providing a centralized dashboard for managing security reports, validating vulnerabilities, and coordinating disclosures. Developers and product companies can start setting up their security programs for free through Patchstack.

WPLift has announced its acquisition by E2M Solutions, a leading white-label partner in the digital agency space. According to the announcement, this collaboration will enhance WPLift’s ability to provide reliable WordPress news and resources, leveraging E2M’s expertise and extensive network of professionals.

Readers can expect more in-depth content, timely news updates, and ongoing coverage of WordCamp events. The partnership promises to strengthen the WPLift community while maintaining its commitment to quality information for WordPress users.