WordPress Takes Control of Popular ACF Plugin in Dispute with Hosting Firm WP Engine

In an escalation of an ongoing commercial disagreement, the non-profit organization behind the popular content management system WordPress has assumed control of a widely used plugin. According to reports, the move is aimed at addressing security and ethics concerns that have arisen during a dispute with web hosting provider WP Engine.

WordPress founder Matt Mullenweg announced that the organization would fork the Advanced Custom Fields (ACF) plugin, re-releasing it under the new name Secure Custom Fields. ACF is a plugin used by many WordPress sites to facilitate custom fields and options on site pages and content items. Mullenweg indicated the change was needed to “remove commercial upsells and fix a security problem.”

However, the team behind ACF criticized the move, asserting that the plugin had been “unilaterally and forcibly taken away” from its original creators without consent. They argued such an action had never before occurred in WordPress’ two-decade history and questioned the ethics of the situation.

WordPress and Mullenweg rebutted that similar precedents have been set previously, and that the organization’s policies allow disabling or altering any plugin in the interest of security. Nevertheless, they acknowledged the rarity of such a step.

The back-and-forth is the latest salvo in an ongoing conflict between WordPress and WP Engine. WordPress had banned WP Engine from its plugin directory over branding issues but briefly lifted the ban before reimposing it. WP Engine then released workarounds for users to update ACF outside of the official channels.

Going forward, Mullenweg said Secure Custom Fields would be maintained as a non-commercial project, open to volunteer developers. The public dispute underscores ongoing tensions around commercialization, control and ethics in the open source WordPress ecosystem.