Automattic Receives Backlash For Cloning Premium Plugin via @sejournal, @martinibuster

8 months ago 132

ARTICLE AD BOX

Automattic cloned WP Engine’s paid ACF Premium plugin and is distributing it for free. Many successful the WordPress assemblage disapprove of this action, expressing concerns that it undermines the plugin and taxable ecosystem.

Advanced Custom Fields Plugin

Advanced Custom Fields (ACF) is simply a WordPress plugin that’s fashionable with WordPress website developers due to the fact that it enables them to make customized fields that WordPress publishers and authors tin use.

Custom fields allows developers to instrumentality afloat power of the editing screens to adhd things similar a signifier for gathering structured information circumstantial for a benignant of WordPress leafage similar Schema.org markup for ecommerce, news, ineligible oregon aesculapian context. A customized tract tin beryllium utilized to springiness nonfiction authors a spot to participate the writer sanction oregon a featured quote.

Website developers and usage ACF to alteration authors to adhd writer bios, featured quotes, oregon nonfiction metadata similar work date, modification information oregon links to sources. For example, a tract for a featured punctuation tin beryllium utilized truthful that authors tin input what the featured punctuation says and it’ll look successful the nonfiction utilizing each the predefined styling. All the writer needs to bash is capable successful the signifier and deed the taxable button.

ACF was developed by a institution named Delicious Brains which was acquired by WP Engine successful 2022 which assumed work for processing and updating the escaped and premium versions.

WordPress Freemium Ecosystem

ACF is fashionable due to the fact that it built spot and authoritativeness arsenic a coagulated plugin done the usage of the freemium WordPress concern model. Plugin and taxable developers usage the freemium concern exemplary to connection a escaped mentation of their bundle and a premium mentation that offers further functionality. Offering a highly functional and utile escaped mentation increases the popularity and goodwill of a plugin oregon taxable with basal users and the much precocious users are capable to effort the functionality of the escaped mentation past take the premium mentation for the further features. It tin instrumentality years to physique that goodwill, spot and authoritativeness with users.

The developers of plugins similar Yoast and Wordfence walk thousands of hours processing and promoting their escaped plugins, which are past installed connected millions of websites. They enactment each that effort into the escaped versions to upsell their premium products.

Timeline: Automattic Forks ACF

In the discourse of WordPress plugins and themes, the word “forking” refers to the instauration of an autarkic mentation of an existing WordPress plugin oregon taxable utilizing the root codification of the archetypal mentation to make a antithetic version. Forking is made imaginable with unfastened root licenses. All plugins and themes that are derivatives of WordPress indispensable beryllium developed with an unfastened root license.

Forking of a taxable oregon plugin sometimes happens erstwhile a developer abandons their task and an funny enactment decides to proceed processing their mentation of the software, a “forked” mentation of the original.

October 3, 2024 Automattic Releases Independent Updates

Automattic locked ACF plugin retired of the WordPress.org servers, preventing ACF customers from updating their versions of the plugin straight from WordPress.org servers, forcing WP Engine to make a workaround connected October 3rd.

WP Engine announced:

“On October 3, we released caller versions of our wide utilized plugins, featuring autarkic update capabilities and updates delivered straight from WP Engine.

While WP Engine and Flywheel customers are already protected by the WP Engine update strategy and don’t request to instrumentality immoderate action, assemblage members are encouraged to download these versions of our free, open-source plugins and updates straight from the ACF and NitroPack websites to guarantee they person updates straight from us.

If you’re moving v6.3.2 oregon earlier of ACF, oregon person been forcibly switched to “Secure Custom Fields” without your consent, you tin instal ACF 6.3.8 straight from the ACF website, oregon travel these instructions to hole the issue.

These efforts enactment our customers and plugin users and question to support the assemblage astatine large.”

Screenshot Of ACF Plugin Changelog Showing Lockout Workaround

On October 5th Automattic notified WP Engine of a vulnerability successful the ACF plugin and announced it connected a present deleted station connected X (formerly Twitter).

Screenshot Of Post On X By Automattic

October 7th: WP Engine Fixes ACF Vulnerability

On October 7th, WP Engine fixed the plugin vulnerability, arsenic noted successful their changelog.

Screenshot Of ACF Changelog About Security Patch

October 12, 2024: Automattic Forks ACF

But then, connected October 12th, Automattic forked WP Engine’s ACF plugin, renaming it Secure Custom Forms (SCF) and replaced the ACF plugin successful the authoritative WordPress plugin respository with their fork, utilizing the aforesaid URL formerly utilized by the ACF plugin. Matt Mullenweg posted an announcement connected WordPress.org citing information concerns arsenic the crushed for forking ACF but aboriginal successful the announcement besides citing WP Engine’s suit seeking alleviation from Mullenweg’s actions.

Mullenweg wrote:

“On behalf of the WordPress information team, I americium announcing that we are invoking constituent 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a caller plugin, Secure Custom Fields. SCF has been updated to region commercialized upsells and hole a information problem.

…This is simply a uncommon and antithetic concern brought connected by WP Engine’s ineligible attacks, we bash not expect this happening for different plugins.”

Automattic Forks Premium Version Of ACF

Social media was buzzing implicit the play due to the fact that it was noticed that a caller mentation of ACF was published connected WordPress.org utilizing a caller URL (/secure-custom-fields/), marked arsenic a beta version. David McCan of WebTNG downloaded the plugin, took a look astatine the codification and confirmed that the caller mentation is simply a fork of the paid mentation of ACF. He notes that the WP Engine copyright accusation was removed, remarking that whitethorn beryllium a problem. He besides noted that the codification that checks for whether the bundle is paid for and licensed has besides been removed.

Viewing the code, helium says:

“We spell to the mentation for unafraid customized fields. You spot the record sanction is inactive the aforesaid ACF dot PHP, But this one. The header accusation says unafraid customized fields. It says the writer is wordpress.org. There is nary copyright announcement successful present of WP engines code, which is astir apt a problem.

So by removing the licence cheque and update from WP engine, this seems similar a classical lawsuit of an aged plugin which is present being hosted successful the WordPress plugin directory. So I’m wondering if this is adjacent a ineligible fork. I’m not an adept successful bundle licensing law, but my knowing is you request to sphere the archetypal copyright notices erstwhile you fork a plug in. It’s 1 of the requirements.”

Developer Response In Facebook Group

Whether oregon not whether making the pro mentation of the plugin freely disposable for download is ineligible is thing for the courts to decide. What Automattic whitethorn not person considered is that determination is an interaction to competitors similar Meta Box Pro, who connection a akin functionality to ACF. Current users of Meta Box Pro whitethorn beryllium incentivized to not renew their existent licence due to the fact that they tin present get akin premium features for escaped from WordPress.org.

Someone posted this interest successful the backstage Dynamic WordPress radical (posted here, radical rank required to view), penning that they had purchased a beingness licence ($699) for Meta Box anterior to Mullenweg’s quality with WP Engine. They wrote that they consciousness similar they made a mistake for purchasing a licence for Meta Box, noting that they don’t hold with “stealing” ACF and expressed that this volition origin Meta Box to suffer users. A yearly subscription to Meta Box starts astatine $149/year.

One of the Facebook radical members remarked that no, they didn’t marque a atrocious determination by purchasing a licence for Meta Box, saying that Matt Mullenweg was the 1 that made the mediocre decision. Another radical subordinate expressed that helium regarded Mullenweg arsenic an unreliable steward of the ACF fork and wouldn’t spot his fork, ACF, connected immoderate of the websites helium develops.

Other developers agreed that SCF is not trustworthy capable for usage connected a unrecorded website, noting that galore sites are having issues with the Secure Custom Fields. Someone other noted that this whitethorn extremity poorly for Meta Box wrong a twelvemonth from present arsenic SCF becomes much stable. Some members said they’re gladsome to person Meta Box and are gladsome to beryllium uninvolved with the WordPress versus WP Engine drama.

Response On WordPress Subreddit

The effect from the WordPress assemblage connected Reddit was likewise disapproving.

Members of the WordPress subreddit expressed disapproval, cipher was celebrating Mullenweg’s move.

One subordinate posted:

“It’s brainsick due to the fact that they virtually are suing idiosyncratic other for hosting nulled plugins, and that feline had his slope accounts frozen. They are doing the aforesaid happening present implicit astatine WordPress.”

Someone other shared:

“Oh wow, truthful this is really Matt putting the premium/pro mentation of ACF with each of it’s features that are usually down their paywall, up for radical to download and usage for escaped connected wordpress.org portion calling it Secure Custom Forms Pro oregon whatever, wholly retired of spite?

This is worse than I thought it was from conscionable seeing the rubric of this thread, overmuch worse.”

Another post that’s typical of however radical consciousness astir WordPress.org distributing a premium plugin for free:

“If helium wanted to sprout WordPress successful the different foot, this was the cleanable move.”

Whether this determination volition interaction ACF’s competitors and the greater premium WordPress ecosystem remains to beryllium seen. One happening is certain: astir radical connected societal media look to disapprove of Matt Mullenweg forking a premium WordPress plugin, and, ineligible oregon not, it’s perceived arsenic crossing a enactment typically associated with bundle piracy.