Email I just received.
—-
Hi Adam,
We are reaching out promptly and directly to inform you of Matt Mullenweg’s (CEO of Automattic and owner of WordPress.org) unprecedented and appalling actions on Oct 12th to forcibly appropriate the Advanced Custom Fields (ACF) plugin and .org listing. The potential impact of Mr. Mullenweg’s improper action is that millions of existing installations of ACF will be updated with code that is unapproved and untrusted by the experts on the ACF team at WP Engine. We want to highlight how you can immediately reduce your exposure and risk now, and ensure you are using the genuine ACF.
If your website is hosted on WP Engine or Flywheel or you are an ACF PRO customer – you are not impacted and do not need to take any action. You will continue to get the latest updates, securely from the experts on the ACF team.
If you have a website that is NOT managed on WP Engine or Flywheel AND are using the free version of ACF you must perform a one-time download of the 6.3.8 version via advancedcustomfields.com in order to get genuine ACF updates and remain safe in the future. After this one-time download you will be able to safely update as usual via the WP Admin panel.
If your site has already updated to the modified “Secure Custom Fields” plugin, you can also follow the process above to get back to a genuine version of ACF, and should not experience any loss of configuration or data doing so before there is further change to the ACF code.
The WordPress community has trusted ACF for over a decade and the expert stewards of ACF will continue to support and enhance the capabilities that our users love and trust.
If you have any questions our technical support team is standing by to support you. On behalf of our entire team, we are grateful for the continued opportunity to serve your customers, your business and team.
For a more in-depth overview of what has happened with the free ACF plugin and WordPress.org, you can read this post here.
The WP Engine Security team
Good for them! Waiting to get my copy of that email.
Very interested on how they present this on their blog, given their restrained approach so far. What’s the blog link?
This should be pinned to the top. It deserves its own megathread. This has huge implications for businesses that need to be kept in the loop prior to Monday.
Are they also having any talks with WPMUDev? How does WPMUDev differ from Wpengine’s issues?
Oh FFS. If you’re a WPE customer you’ll get this email. Why is is posted here too? Seems like this should be in the megathread or wpdrama.
This topic, **as it pertains to WordPress, has been covered**. This post is relevant to *WPE customers only*. This is not new information.
Time for WP Engine to fork WordPress – complete with written promises to NEVER do what mullenweg has done – extort and steal from users of open source software.
If I were WPEngine i would fork WordPress and name it (if not taken) EnginePress, WP is tainted by this megalomaniac, Matt M
Doesn’t he realize that when he shatters trust in the foundations of WordPress, he opens the door for the adoption of alternatives. This is just the opening small frameworks need to shake up the CM universe and world order.
A product is only as solid as its perceived stability, and now, one golden egg-laying goose is being prepared for slaughter.
That email was clearly written by a lawyer.
This is also a significant issue for any org that does security review on plugins that they use. Matt can fork ACF if he wants, but taking over the .org/plugin listing and switching people over to their code without approval could actually put them in very dangerous legal territory. It’s a wildly unprofessional move with consequences for the whole ecosystem, regardless of where you stand on the WPvWPE spectrum. They’ve just taken the move that tells EVERY single plugin developer “stay on our good side, because if you make something everyone likes, and don’t bend the knee to us, we’ll just take it from you.”
At the very least, they are doing even more to demonstrate to enterprise users that WordPress is not capable of existing in a professional space like that. If Matt wants to continue acting like a child, that’s his prerogative, but all any of this does is set WordPress back YEARS in its credibility.
A new Musk has entered the WordPress community.
Matt is now a cuck.
So how should I update ACF? What about ACF pro?
> Similar situations have happened before, but not at this scale. This is a rare and unusual situation brought on by WP Engine’s legal attacks, we do not anticipate this happening for other plugins. —[Matt Mullenweg, WordPress blog on October 12, 2024](https://wordpress.org/news/2024/10/secure-custom-fields/)
What lawyer looked at this? You admit you hijacked a plugin because they sued you? Oof. Not a very defensible reason.
So now we as the end user and businesses that have clients are supposed to choose between ACF original or the hijacked version of SCF. This Is getting fucking ridiculous.
Get rid of Matt problem solved