WordPress.org has taken over a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Matt Mullenweg announced today. This “minimal” update, which he labels a fork of the Advanced Custom Fields (ACF) plugin, is now called “Secure Custom Fields.”
It’s not clear what security problem Mullenweg is referring to in the post. He writes that he’s “invoking point 18 of the plugin directory guidelines,” in which the WordPress team reserves several rights, including removing a plugin, or changing it “without developer consent.” Mullenweg explains that the move has to do with WP Engine’s recently-filed lawsuit against him and Automattic.
Similar situations have happened…