Automattic, WP Engine
Published on September 26, 2024

OMG – ‘WP Engine is banned from WordPress.org’

written by Richard Best

The increasingly sad saga continues

The latest and in my view completely inappropriate step that has been taken against WP Engine is to block it from being able to access WordPress.org for automatic updates. This is what WP Engine posted earlier today:

Blocking confirmed

MM, it seems, has confirmed this in a post on WordPress.org titled ‘WP Engine is banned from WordPress.org‘. This saga has become so absurd that it warrants pasting in the post on WordPress.org in full:

“Any WP Engine customers having trouble with their sites should contact WP Engine support and ask them to fix it.

I won’t bore you with the story of how WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community regarding their disabling and locking down a WordPress core feature in order to extract profit.

What I will tell you is that, pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.

WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free.

The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, WP Engine will need to replicate that security research on their own.

Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?

WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it, with them getting all of the profits and providing all of the services.

If you want to experience WordPress, use any other host in the world besides WP Engine. WP Engine is not WordPress.”

Thoughts

My comments:

  • I have 10 WP Engine sites and I have built sites on WP Engine for others. As far as I am aware, I and they had zero problems yesterday. In any event, if WP Engine wants to limit the visibility of attacks upon it, so be it. That doesn’t concern me and the newsfeed is a needless distraction anyway. I don’t go to my WordPress dashboard to discover WordPress news. It wouldn’t surprise me if the reference to “thousands of sites” is exaggerated.
  • The post asserts there are “claims and litigation against WordPress.org”. It is not clear that this is correct. WP Engine’s cease and desist letter was sent to Automattic and, as far as I’m aware, WordPress.org is not a legal entity. It is, rather, a platform to host the self-hosted version of WordPress together with (among other things) theme and plugin repositories.
  • Given that WordPress.org is a repository for WordPress itself, as well as themes and plugins, denying access (at whatever level) to WP Engine flies in the face (in my view) of the WordPress project. Doing so is not contrary to the GPL, but how many of the thousands of people that contribute to core and to themes and plugins hosted on WordPress.org would be impressed by this? Very few, I suspect.
  • The assertion that “WP Engine wants to control your WordPress experience” could be characterised as a projection of what WordPress.com does, in the sense that it rolls out WordPress in a particular way, and with the existence or absence of certain features depending on the plan one purchases (that is, of course, absolutely okay).
  • The post seems to imply that a lack of server to server access by WP Engine may impact its security. If that is not true, then it is irresponsible.
  • There is way too much hostility going on here, bearing in mind that this whole saga commenced (at least in terms of the recent escalations) with an attack on WP Engine at WCUS. No company in the shoes of WP Engine would just sit idly by and not respond in some way. And note also that the things said of WP Engine at WCUS and in a subsequent blog post were not outwardly premised on asserted trademark infringement but on something completely different.
  • The characterisation of  WP Engine as offering a “hacked up, bastardized simulacra of WordPress’s GPL code” is incorrect and, quite frankly, offensive to the tens if not hundreds of thousands of WordPress users who host their sites with WP Engine.
  • It is difficult to conceive of any universe in which alienating WP Engine customers in this way and potentially putting their sites at risk could result in anything good for WordPress itself or Automattic.
  • I have not seen any evidence of WP Engine speaking with the hyperbole, the unprofessionalism, and the hostility we are seeing from the other side (if there is, let me know).
  • In my respectful view, Automattic – yes Automattic the company – needs to step up and put a stop to this. For the sake of the WordPress community, it needs to take steps to dial down the hostility and procure the taking of action that sees WP Engine being able to have server access to WordPress.org. If it doesn’t then, rightly or wrongly, it might be seen as implicated in adversely affecting tens if not hundreds of thousands of WordPress users, and all in consequence of its CEO having waged war on a competitor.
  • And to be clear, I am not questioning the right of Automattic to take steps to protect its intellectual property rights (assuming, for present purposes, there’s a valid claim, despite my preliminary views on that), but there are ways of doing these things, and ways of doing these things… .