Note
Hi, everyone. I've been putting in a lot of work on this over the last few weeks and i'm currently underemployed! If you'd like to hire me to do CMS-based work (i focus on Craft and ExpressionEngine but i do some WordPress work as well), please reach out! Alternatively, if you'd like to chip in toward bills & groceries, that's a big help right now!
Updates (Most Recent First)
- 11 January 2025
- 9 January 2025
- 8 January 2025
- 5 January 2025
- 4 January 2025
- 3 January 2025
- 24 December 2024
- 22 December 2024
- 21 December 2024
- 20 December 2024
- 19 December 2024
- 18 December 2024
- 16 December 2024
- 15 December 2024
- 14 December 2024
- 13 December 2024
- 12 December 2024
- 11 December 2024
- 10 December 2024
- 9 December 2024
- 2 December 2024
- 1 December 2024
- 29 November 2024
- 27 November 2024
- 26 November 2024
- 25 November 2024
- 23 November 2024
- 22 November 2024
- 21 November 2024
- 19 November 2024
- 18 November 2024
- 15 November 2024
- 14 November 2024
- 12 November 2024
- 11 November 2024
- 9 November 2024
- 8 November 2024
- 7 November 2024
- 6 November 2024
- 5 November 2024
- 4 November 2024
- 2 November 2024
- 1 November 2024
- 31 October 2024
- 30 October 2024
- 29 October 2024
- 28 October 2024
- 27 October 2024
- 26 October 2024
- 25 October 2024
- 24 October 2024
- 23 October 2024
- 22 October 2024
- 21 October 2024
- 20 October 2024
- 19 October 2024
- 18 October 2024
- 17 October 2024
- 16 October 2024
- 15 October 2024
- 14 October 2024
- 13 October 2024
- 12 October 2024
- 11 October 2024
- 9 October 2024
- 7 October 2024
- 5 October 2024
- 4 October 2024
- 3 October 2024
- 2 October 2024
- 1 October 2024
- 30 September 2024
- 28 September 2024
- 27 September 2024
- The WordPress Foundation is the nonprofit which manages the WordPress code and ecosystem. Until this blowup started, it was widely believed to maintain the wordpress.org website (the domain, however, is owned by Matt Mullenweg rather than by the Foundation), which acts as the central repository for all updates, themes, and plugins, as well as managing the WordPress documentation and maintaining a large discussion forum for WordPress devs and users. The Foundation is administered by a board of three people, one of whom is Matt Mullenweg.
- WordPress.org is the above-mentioned plugin/theme/update repository, which turns out to be owned by Mullenweg directly rather than by the Foundation, and he is in full control of it. Until all of this started, most people in the WordPress community (including longtime developers and agency partners) were under the mistaken impression that the .org site was administered by the Foundation.
- Automattic is the for-profit arm of WordPress, which maintains the wordpress.com web host as well as offering a number of other free and paid addons to WordPress. Matt Mullenweg is the CEO and a member of the Board of Directors, and controls a majority of votes in the organization. (He only owns a minority of shares, but has consistently insisted on obtaining proxies from his major investors.)
- WP Engine is a company which offers managed hosting for WordPress sites. They are a major player in the WP hosting space. It is important to note that the phrase "managed hosting" specifically implies a high level of control by the hosting company over the software and infrastructure; managed hosting services are geared toward less-technical clients and clients who want to offload server administration stuff. People who are purchasing managed hosting, as opposed to unmanaged hosting, are specifically buying the higher level of control by the hosting provider, because it means fewer hassles for them.
- Link to full docket for anyone who wants to follow developments on the lawsuit
- A roundup of plugins affected by Mullenweg's actions
- Michael Tsai is maintaining a roundup that focuses on quotes and reactions from involved players and community members
- Another roundup/timeline that includes some history
- Another roundup at The Mattrix Derailed which focuses on quotes and reactions from community members
- Another roundup, mostly longer-form blog reactions to events, is at mullenweg.wtf
- Yet another timeline over here, with some older events to show community concerns occurring even before this particular conflict started
- And yet another timeline of the feud
- Another site, Matt is not WP, aiming to cover the feud and affected contributors/plugins
- Joe Youngblood has yet another timeline
- Samuel Sidler's blog, The Delta, has several good in-depth posts about the legal fight and related community issues.
- TechCrunch has solid reporting on the initial events: Mullenweg's initial blog post, his WordCamp keynote, his second blog post, and WP Engine's C&D letter. The blog posts are posted to the wordpress.org blog, not to Automattic's blog.
- WP Engine's letter alleges, among other things, that Mullenweg demanded money from WP Engine ostensibly as a licensing fee for the WordPress trademark, but in actuality to refrain from disparaging and defaming them on stage and in blog posts.
- Not alleged in the letter, but reported by attendees to WordCamp, is that Mullenweg engaged in a verbal altercation with WP Engine employees working the WP Engine booth at the show, which included Mullenweg threatening to physically dismantle their booth in the middle of the show. (I can't find my link to this right now, i'll look for it later.)
- Automattic sends a C&D letter of its own to WP Engine, demanding that they stop misusing the WordPress trademark. (Note that the WordPress Foundation is the trademark owner, and Automattic is the sole commercial licensee.) The exhibits are a separate document here.
- Prompted by Mullenweg's multiple blog posts, which get automatically propagated to every WordPress user with the "News Feed" widget on their admin dashboard (which is most WordPress users, as very few actually modify their dashboard), WP Engine disables the "News Feed" dashboard widget for all its customers. (Note that just as with disabling revisions, this is a simple config change, supported by WordPress; it does not involve modifying any code or otherwise "chopping up" WordPress installs.)
- A day after Automattic sends the C&D, the wordpress.org domain (again, maintained by the WordPress Foundation), blocks WP Engine (and thence all of their customers) from accessing the plugin/theme/update repository. This means that none of WP Engine's customers can automatically install plugins or themes, update plugins or themes, or update WordPress itself, including vital security patches. Additionally, all WP Engine user accounts are reportedly banned from the wordpress.org site, meaning they cannot post to the forum or update the plugins which they maintain as an organization. (Need to find the link on this one too.)
- Mullenweg posts about this decision, again to the wordpress.org blog, and includes the following statement: "What I will tell you is that, pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources."
- Note, here, that WP Engine's C&D was sent to Automattic, which runs wordpress.com, and at no point has WP Engine made any legal claims whatsoever against wordpress.org or the WordPress Foundation.
- Meanwhile, Pressable (another web hosting company also wholly owned by Automattic), posts a special offer for WP Engine users, offering to buy out their contracts and migrate them for free. (The above is an archival link; at the time of writing, the offer is live and linked here.)
- Mullenweg has also spent the last several days Posting Through It on Reddit (link goes to his user page, which should make all comments visible). (Note that many of these comments were posted significantly after his receipt of the C&D letter from WP Engine.)
- Mullenweg is reportedly also privately exhorting Automattic employees to make supportive posts on their own blogs and social media. There may or may not be an implication that they will be retaliated against if they choose not to do so; reports vary.
- Mullenweg uses the .org blog to post WP Engine Reprieve, stating that they are re-enabling WP Engine's access to the central repository, but only through 30 September (specifically "until October 1, UTC 00:00"), giving WP Engine all of two and a half business days to spin up working mirrors.
- At least two WordPress Core contributors report that their access to the Make Wordpress team was disabled after they criticized Mullenweg on the team's private Slack
- The Verge posts an explainer article
- Josh Collinsworth posts a call to fire Mullenweg which also contains an excellent and comprehensive roundup of events so far
- On Hacker News, Mullenweg confirms that he plans to continue serving as CEO of Automattic as well as Director of the Foundation and owner/operator of wordpress.org and states that he does not plan to undo the hard-coded dependency on the wordpress.org repositories within the WordPress software
- Mullenweg gives a live interview
- Mullenweg, on his personal blog, challenges Lee Wittlinger, president of the WP Engine Board of Directors, to a public debate
- WP Engine updates several of their pages to modify their use of 'WordPress' and 'WooCommerce'. The changes are in most cases fairly minor and clearly intended to reinforce their claim that their use is nominative and fair. ( before | after )
- Mullenweg confirms on Twitter that he, not the WordPress Foundation, is the sole owner of the wordpress.org domain and in sole control of all of the repositories and critical infrastructure which rely on it.
- LWN has another nice recap
- Mullenweg says in an interview that the 8% deal is "no longer on the table" and threatens a hostile takeover of WP Engine
- The CEO of CloudFlare offers (via Twitter) to donate all resources required to continue hosting the wordpress.org repositories
- Richard Best (who is a lawyer, but not a trademark/IP lawyer) weighs in on some of the legal considerations
- Automattic publishes what they purport to be the term sheet they offered WP Engine on 20 September 2024 for use of the trademarks, alongside a blog post purported to be the timeline of events (Editor's note: I say "purported to be" because at least one of the terms in the term sheet, related to affiliate codes, doesn't seem to be related to anything that actually happened in the real world and was, as far as i can tell, "discovered" by Matt as an issue several days after 20 September)
- On Twitter, Mullenweg is directly asking WP Engine's big clients to switch hosts
- Several people including former Automattic employee Kellie Peterson (note her name, it'll come up again) post on X that Automattic is offering buyout packages to employees who are not "aligned with the CEO's vision" (link is to a Reddit roundup with comments)
- Kellie Peterson (see above) posts on Medium that Mullenweg has threatened her with legal action for her Twitter posts
- The Executive Director of WordPress, Josepha Haden Chomphosy, has left Automattic. (The Tweet she is quoting has since been deleted and I can't find an archive.)
- WP Engine formally files suit against Automattic, Inc. and Matt Mullenweg
- Mullenweg continues his devotion to Posting Through It on the Hacker News item about the lawsuit, to the point where actual lawyers in the thread are begging him to shut up
- Automattic puts up a blog post about the trademark situation
- The Register has an article about the conflict, in which Bruce Perens (one of the big names in defining Open Source) is quoted
- Automattic releases a blog post in response to the lawsuit and announces that they have hired famous scumbag Neal Katyal
- Mullenweg confirms, on his own blog, that 159 Automattic employees took his buyout offer
- In an interview with The Verge, Mullenweg makes clear that he is in control of WordPress, and has no plans for that to change
- Mullenweg comments on Reddit (on a now-deleted post, but the comment is still visible) that he believes WP Engine has hired a "dark PR firm"
- Lawyer Mike Dunford has a weekly Twitch stream called the Litigation Disaster Tour Hour; his last two shows have focused on this conflict. The VODs are now archivally available on YouTube.
- Jeffrey Zeldman, one of the grandfathers of the Web as we know it today, wrote a post about staying at Automattic
- Automattic's Twitter account discloses that there is an unpatched vulnerability (link is to an archived version) in the version of ACF on the wordpress.org repository (which, again, WP Engine staff cannot currently update because Mullenweg has unilaterally blocked WP Engine staff from accessing .org). Automattic asserts that they have informed WP Engine about the issue.
Note: This sort of announcement is not standard practice in infosec; there is no reason for this class of disclosure ("there is an issue but we are not saying what it is") except to create a climate of uncertainty about safety.- A few hours prior to Automattic's irresponsible disclosure, Mullenweg asked on his personal Twitter, "What are the best alternatives to Advanced Custom Fields…?" He asserted that "millions of sites" will be switching to other options in the coming weeks.
- PatchStack, a WordPress infosec agency, reports on Twitter that they are aware of the vulnerability and it is low-severity, which fuels further speculation by WordPress community members (on Reddit, Twitter, and probably elsewhere) that it was announced this way merely to harm WP Engine's business.
- One of Mullenweg's employees states on Reddit that a security patch will be pushed to the .org repository "even if I have to apply the patch myself"; John Blackbourn, a member of the WordPress Core Security Team, also says "I am going to work my damned hardest to ensure that the fix gets shipped to dotorg"
- A few hours later, Automattic removed their Twitter post
- The story hits the mainstream press as CNBC publishes an article about it. The article is pretty lopsided towards Mullenweg's perspective (one of their primary sources has undisclosed connections to Mullenweg's businesses), but contains a decent overview of events so far.
- Mullenweg reportedly joins a Slack for ex-Automattic employees and immediately attempts to assert control in the guise of "helping".
- Jason Bahl, the creator of important WordPress plugin WPGraphQL, announces that he is moving from WP Engine to Automattic. (WPGraphQL is a plugin whose development WP Engine has sponsored for the last several years). The language of the announcement makes fairly clear that he was poached directly by Mullenweg.
- Mullenweg tweets about WPE and WPGraphQL, calling it "another case of them confusing everyone with their marketing".
- WP Engine announces that they have patched the ACF vulnerability and the WordPress security team has patched the plugin on the .org repository
- A checkbox has been added to the wordpress.org login screen requiring users to affirm that they are "not affiliated with WP Engine in any way, financially or otherwise". 404 Media and WP Tavern have details.
- Major contributors and community figures continue to get banned from the Slack and blocked by the WordPress official Twitter account (more tk)
- Another mainstream press article in Slate: The Pettiest Drama in the Tech World Is Taking Place at … WordPress?
- Now in order to get a WordCamp ticket you have to log in (and therefore check the checkbox)
- WordPress.org takes over the ACF Plugin from the .org repository, rebranding it as "Secure Custom Fields" but retaining the plugin's namespace, reviews, and ratings
- Someone has done a full analysis of the code changes involved
- The Verge covers the story
- So does TechCrunch
- ACF (owned by WP Engine) makes a statement on their blog
- An Automattic employee weighs in
- Ben Werdmuller has a clear explanation of why this is such a big deal
- WPE has been removed from sponsorship of an upcoming WordCamp without prior consultation with the organizers of that event
- The official WordPress Accessibility Team has suspended all meetings because the team leads cannot log into wordpress.org due to the login checkbox
- Longtime core contributor Scott Clark is ceasing all core contribution including work on the long-awaited core Fields API due to Mullenweg's actions
- Company Very Good Plugins sends Automattic a C&D letter requesting the removal of their WP Fusion plugin from the .com repository (which is a copy of the .org repository, but is used to upsell people on the paid WordPress hosting plans). VGP has a registered trademark for "WP Fusion".
- Lawyer Richard Best weighs in on ACF trademark/fork issues
- The Open Source Security podcast does an episode on What's Wrong with Wordpress, covering the ACF takeover as a supply-chain attack
- DHH post [more tk]
- It is not directly related to WordPress or Automattic, but two ongoing lawsuits against Mullenweg, his mother, and his VC firm Audrey Capital have surfaced alleging fraud, mistreatment of employees, creation of a hostile workplace environment, sexual harassment, and wage theft, among other things. News of the lawsuits has filtered into the WordPress community and is actively being discussed.
- Full docket of the Westmoreland lawsuit
- Full docket of the Attayeb lawsuit
- Matt response post [more tk]
- Matt responds to DHH, then deletes, then reposts [more tk]
- Internal Automattic comms related to trademark enforcement plans are leaked to TechCrunch
- Fast Company covers the ongoing conflict
- The Register has more details about WPE being banned from WordPress events: WPE employees have also been told by the Foundation that they cannot volunteer at or speak at any officially-sponsored WordPress event
- Dave Winer, one of the internet's preëminent Cranky Old Men, weighs in on Mullenweg's side
- An opinion piece at Computerworld about the conflict
- Bullenweg has information about a new short-term "alignment" (buyout) offer, which was apparently specifically targeted at a particular leaker. (No word yet on how many others took it.) Notably, the offer was posted only in the internal Slack, and included the following sentence: "We will try to keep this quiet, so it won’t be used against us, but I still wanted to give Automatticians another window."
- LWN has a good article about the impact of the conflict on the WordPress community
- 404 Media reports on ongoing chaos at Automattic including the new buyout offer.
The Verge also has the story
So does TechCrunch. - The WordPress blog posts a promotion to entice customers away from WPEngine; currently five hosts are listed as offering discounts. Three of those hosts are owned by Automattic, and one (BlueHost) is owned by Newfold, which is invested in Automattic and pays them for a trademark license. Only one (Dreamhost) seems to be independent.
- The WordPress Foundation announces a $100K donation to the Internet Archive.
- WP Engine files a motion for a preliminary injunction seeking a restoration of "the status quo as it existed prior to September 20, 2024". There are many exhibits and several supporting declarations available on CourtListener.
The Verge also covers the story. - The WordPress Foundation posts meeting minutes from their 17 October meeting. This is the first time they have ever publicly posted meeting minutes.
- The WordPress Code of Conduct is suddenly modified to prohibit the sharing of private communications, with no clear language about what constitutes "private" nor about the scope of the restriction.
- Blog AntiMattic is reporting (based on leaked Slack conversations) that Mullenweg is planning to poach WPE employees and also failing to immediately honor the new 9-month buyout offer for some employees, suggesting that "I’ll work on an official statement. Probably after we do the hiring offer for WPE employees." and "That may be awkward for someone who DM’d and will have a later last day (could be next year, even), but my priority is people staying, not people leaving." (Archived link here in case legal threats force the blog author to remove this.)
- Very late last night, WP Engine filed an administrative motion seeking to shorten the timeline for emergency relief, citing the "capricious and unhinged actions of Defendants" as necessitating a seriously expedited timeline.
- Very Good Plugins posts that Automattic responded to their C&D from 12 October. They took down the plugin from wordpress.com, but they expressly state in their reply that this was a courtesy, and that "Automattic disagrees with your assertions that it has infringed the intellectual property rights of Very Good Plugins, LLC. The listing uses the WPFUSION trademark solely and only to the extent necessary to identify the genuine WPFUSION plugin, which constitutes nominative fair use under applicable law." (Alert readers may note the irony here.)
- The precise date is unknown, but sometime in the last two weeks the WordPress official development/community Slack was upgraded from Pro to Business+, as spotted by Kellie Peterson. This is notable for a few reasons:
- It represents a significant price increase (which is, per the WordPress.org blog, being completely donated by Salesforce
- Unlike the Pro plan, the Business+ plan allows administrators to export private messages as well as public messages
- The Business+ plan allows the use of SSO
- Lawyer Richard Best argues on his blog that the infamous checkbox may violate the GDPR
- Mullenweg writes an overwrought blog post alleging that WPE is violating his First Amendment rights (archived version here, in case he deletes or edits it)
- As reported on Reddit, the WordPress official Slack now enforces SSO using a wordpress.org account. This means anyone who does not have a .org account (or whose account has been disabled, or who cannot sign in because of the new loyalty checkbox) is now completely barred from using the development Slack as well. Mullenweg, in a post on the Slack, blames this on WPE's lawyers.
- The parties to the lawsuit stipulate jointly that the court should allow the defendants (Automattic & Mullenweg) until 30 October to file their opposition to the motion for preliminary injunction.
- Wordpress' lawyers filed their opposition to the administrative motion. Notably, their opposition asserts quite firmly that .org is Mullenweg's personal website and that he has incurred no obligations to allow anyone to do anything with it whatsoever.
"WordPress.org is not WordPress. WordPress.org is not Automattic or the WordPress Foundation, and is not controlled by either. To the contrary, as Plaintiff itself acknowledges, WordPress.org is Mr. Mullenweg’s responsibility." - The official WordPress Twitter account takes some late-night digs at WP Engine; it seems likely that Mullenweg himself is the one using the account.
- The Court grants WPE's administrative motion and orders the following:
- Defendants have until Wednesday, 30 October to file their response/opposition
- Plaintiff has until Monday, 4 November to file their reply
- The hearing on the motion for preliminary injunction is set for Tuesday, 26 November
- Kellie Peterson reports on Twitter that she has been told that Mullenweg tried to hire Kendrick Lamar to write a diss track about WPE. It was apparently revealed at an internal town-hall meeting and told to her by an anonymous source who was at the town-hall.
- TechCrunch announces that Mullenweg will be on stage at the TechCrunch Disrupt event (the comments are spicy already!)
- Attorney Mike Dunford does a Twitch stream on the motion for preliminary injunction
- WP Engine releases a timeline of events focused on how they have been ensuring safety & continuity for their customers
- The BBC covers the feud
- The Automattic social media team is reportedly asking WordCamp organizers (who are volunteers, independent of both Automattic and the Foundation) to turn over their social media accounts
- Another timeline of events, Bullenweg, has been taken down following legal threats by Matt Mullenweg. The content is still available, for now, in the GitHub repository
- Emails have surfaced related to Automattic's assertion of control over WordCamp social media accounts. They also demanded that WordCamp Sydney delete several tweets about WPE.
- Morten Rand-Hendricksen offers a personal anecdote about how Mullenweg has personally exerted control over WordCamp events as far back as 2011
- The Register picks up the story about WordCamp organizers being required to share social media credentials
- Bullenweg updates again; the current front page (archived version) is a quote from the ongoing Westmoreland lawsuit against Mullenweg, his mother, and Audrey Capital
- In a discussion on Reddit, the founder/organizer of WordCamp Asia states that he expects the new registration requirements to have an impact on attendance. (Purchasing WordCamp tickets now requires registering and logging into a wordpress.org account, including ticking the now-infamous checkbox.)
- The developers of the Paid Memberships Pro plugin, who removed their listing from wordpress.org last week, have put up a blog post claiming that Mullenweg threatened to "take over your listing and make it a community plugin like we did to ACF" after they requested the takedown. Prominent WordPress news outlet The Repository confirms that they have seen screenshots of the conversation.
- Longtime Core contributor and community organizer Chris Wiegman blogs about leaving WordPress and says that Mullenweg and Automattic have been toxic for some time.
The utter hypocrisy of Matt Mullenweg’s actions isn’t really unsurprising to anyone who has watched Automattic for the last decade or more but it is my final straw. Yes, I should’ve left earlier when I saw friends hurt. Somehow I guess I always thought my actions would somehow help the situation. It was a naive position, I now realize.
- The Repository (mentioned above) has the full story about Paid Memberships Pro and the threatened takeover
The bullenweg.com domain no longer resolves; investigation indicates that the registrar (Porkbun) has suspended it. There is speculation that Mullenweg threatened Porkbun with legal action, as the content does not seem to be in violation of any of Porkbun's Terms of Service.
CORRECTION, 3 November 2024: The purported owner of the bullenweg.com domain has spoken up in defense of Porkbun, asserting that the domain hold/deletion was initiated by the owner, not by Porkbun
- Mullenweg appears at TechCrunch Disrupt; the full video is here. He doesn't say much of anything new, and he evades pretty much all of the non-softball questions, but there are two notable statements: he repeats his claim that WPE's deployed version of WordPress is internally modified, and he also notes that Blackrock marked their investment in his Automattic down by 50% since 2021. TechCrunch also has a short written recap.
- TechCrunch separately reports on Mullenweg's statement at Disrupt that Automattic is "very short-staffed" after the loyalty buyouts.
- The Defendants have filed several documents with the court:
- Defense's Motion to Dismiss (with Proposed Order)
- Defendants' Motion to Strike certain of WPE's complaints (with Proposed Order) (this is an Anti-SLAPP motion)
- Mullenweg's Declaration in Support of the Motion to Dismiss and the Motion to Strike
- A Request for Judicial Notice of some blog posts
- Defense Opposition/Response to Motion for Preliminary Injunction
- Barry Abrahamson's Declaration in Support
- Jiaxing (Kyle) Xu's Declaration in Support
- The official WordPress Twitter account is extremely hostile to the AspirePress project in the middle of the night, calling their repository and governance work "masturbatory". The tweets were subsequently deleted; the above link goes to Kellie Peterson's screenshots. (The tweets were almost certainly authored by Mullenweg himself.) Both tweets are also available at archive.today.
- Sarah Savage, who runs the AspirePress project, blogs about her response to these tweets.
- The head of Customer Success at WooCommerce (an Automattic-owned company) is reportedly cold-emailing WP Engine customers offering a buyout if they move to Pressable. A (redacted) screenshot of one such email is here. (This was also previously mentioned in Jason Teichman's Declaration in Support of WPE's Motion for Preliminary Injunction.)
- The Verge writes up the latest, including the Motion to Dismiss
- The website Plugin Vulnerabilities catches an interesting detail: the language related to hosting forked premium plugins on wordpress.org has been modified, starting on the same day that the ACF takeover happened.
- CIO Magazine has an article discussing what CIOs and management professionals in general should do about WordPress, and what the WordPress feud means for the stability of FOSS software in general. (The article includes new statements by Mullenweg; it is somewhat biased toward his side of the feud, but still worth reading.)
- Mullenweg posts a misunderstanding of how the GPL works on his personal blog, referencing his interview with popular YouTuber Theo. The post is probably related to Automattic's lawsuit against Festinger Vault; FV made a statement last week referencing the same video interview.
Note: The FV lawsuit is not directly related to Mullenweg's feud with WPE, but it may be relevant context. - Longtime WordPress developer, organizer and contributor Duane Storey pens a blog post entitled WordPress Is On Dangerous Ground
- Late Friday night, Automattic's lawyers filed an Administrative Motion to Shorten Time, requesting (among other things) that their Motion to Dismiss be heard at the same time as WPE's Motion for Preliminary Injunction. Lawyer Mike Dunford has a thread about the motion on Bluesky. Dunford also points out that the motion is overlength.
- Automattic publishes a blog post entitled Defending Open Source: Protecting the Future of WordPress, which rehashes the feud with WPE and is, of course, very biased toward Automattic.
- WPE files their Reply to Mullenweg/Automattic's Opposition to their Motion for Preliminary Injunction on 4 November just before midnight. The main document is here.
- There are also three Declarations in Support:
- Sara Jenkins (a lawyer at Quinn Emmanuel).
Jenkins has several exhibits embedded in her declaration. - Ramadass Prabhakar (CTO and Senior VP at WP Engine).
Prabhakar's exhibits are separate and nobody has bought them on PACER yet, but i think they are all just screenshots. - Olga Slobodyanyuk (a lawyer at Quinn Emmanuel).
Slobodyanyuk's exhibits are available and notable: complete video copies and transcripts are now submitted into evidence from Mullenweg's YouTube interview with Theo T.3.GG (transcript) and his interview with Connie Loizos at TechCrunch Disrupt (transcript).
- Sara Jenkins (a lawyer at Quinn Emmanuel).
- There are also three Declarations in Support:
- A small nonprofit, the International Misophonia Foundation, has penned a blog post about Jetpack's pricing model penalizing nonprofits by including any donation-supported organization in the "for-profit" category for pricing purposes.
Note: This is also not directly related to Automattic's feud with WPE, but provides insight into their business practices and concerns. - WPE files an Opposition to Automattic/Mullenweg's Administrative Motion to Shorten Time. Notably, their Opposition hinges on the fact that they plan to file an amended complaint.
- Automattic puts up https://wordpressenginetracker.com, a site devoted to tracking how many domains have left WPE as a hosting provider. The site includes a downloadable CSV which purports to be all domains still on WP Engine, including local and staging domains, making this a goldmine for bad actors and a deeply anti-privacy move by Mullenweg. (It also probably violates the GDPR.) User antimattic on Reddit has a comment with more interesting info; the domain was registered on 3 October and this has apparently been in the works for awhile.
- On the Reddit thread about the wordpressenginetracker.com site, Mullenweg makes a cryptic comment. (Archived version here.) The comment reads, in its entirety:
Either I'm an idiot, or something is going on that you don't understand. Let's check back in a month. :)
- Search Engine Journal covers the new website.
- Automattic is reportedly offering significant incentives for agencies to partner with them and move sites off WPE onto (Automattic-owned) Pressable (link is a Reddit thread which includes a screenshot of one such email).
- WordPress blog/newsletter The Repository posts Core Contributors Voice Concerns Over Mullenweg’s Control and “Culture of Fear” in WordPress Community, which contains damning quotes from several anonymous core contributors.
- Duane Storey posts Down The Rabbit Hole - A Look At The WordPress Update API , which goes into more detail about the telemetry data being sent to .org by the Update API as well as other WordPress APIs.
- For those who like video, developer and prominent YouTuber Rino de Boer has a video essay about the WordPress situation and suggestions for making it better.
- As reported on Reddit, Cloudflare is now (as of the time of writing) displaying a phishing warning on the wordpressenginetracker.com site.
- Search Engine Journal reports on the phishing warning and notes that the warning disappeared after a few hours.
- The Repository posts an article about the WP Engine Tracker site
- Website FOSS Force reports on an interview with Mullenweg, at Nerdearla, a Mexican tech conference. The article gets some background details incorrect (.org is not owned by the Foundation) but provides several useful quotes from the onstage interview with Mullenweg.
- The website mattisnotwp.com covers the official WordPress Twitter account spreading FUD about plugins and themes which are not hosted on .org and the pushback to that claim.
- WPE has filed their Amended Complaint. There are 9 new claims for a total of 20, including 3 Sherman Act claims, two Lanham Act claims, and a second CFAA claim. The document runs to 144 pages.
- Here is the new complaint
- It has some separate exhibits
- The redline version (this is the complaint shown with Track Changes output)
- An anonymous person has released the kindness.is website, showcasing "examples of Mr. Mullenweg’s actions and interactions so that people can look at them and form their own opinion". (Their Further Reading page also includes a link to this document and kind words about yr humble chronicler).
- The Register covers the amended lawsuit, including a statement from Automattic saying exactly what you expect it says.
- The Court denies Mullenweg/Automattic's Motion to Dismiss, Motion to Strike, and Administrative Motion to Shorten Time as moot (this is the main docket page; there is no document associated with the order).
- WordPress blog ilovewp posts some aggregate data analysis of the leaked WPE sites list from wordpressenginetracker.com.
- Video of Mullenweg's 'Fireside Chat' at Nerdearla (see 11 November) has been posted. There is also a Reddit thread with a transcript of some of his most aggressive remarks.
- Tech newsletter The Observer runs an article about the ongoing feud, including interview quotes from Mullenweg
- The USPTO issues WP Engine's trademark for "ACF". The trademark application for "Advanced Custom Fields" is still pending.
- Automattic/Mullenweg request leave to file a Surreply in Opposition to the Motion for Preliminary Injunction. There are also several supporting documents:
- The proposed surreply is filed as an attachment
- A Declaration in Support is filed by a Hogan Lovell attorney in order to introduce a transcript of the TechCrunch Disrupt interview as an exhibit.
- Attorney Mike Dunford covers Automattic/Mullenweg's Response to the Motion for Preliminary Injunction and WPE's Reply on his Litigation Disaster Tour stream; the VOD has been archived to YouTube here.
- Automattic has released a new version of Secure Custom Fields on wordpress.org (at the secure-custom-fields slug) which adds in the paid features from ACF Pro. This seems to have first been reported by David McCann, on YouTube. In a discussion about this move on r/wordpress, commenter obstreperous_troll notes that the ACF copyright notice has been stripped from the new plugin, which violates the GPL.
- Mullenweg, on Twitter, tells prolific community member and plugin author Duane Storey "you're really going off the deep end", in response to a tweet by Storey about WordPress' use and misuse of the GPL.
- The Repository writes about the SCF Pro takeover/fork.
- Search Engine Journal also covers the new SCF Pro.
- Preliminary Injunction hearing was at 10:30am.
- Mike Dunford liveblogged it on Bluesky (no login required).
- Your humble correspondent liveblogged it on the Fediverse. Dunford's liveblog is better; he's actually a lawyer.
- Jer Warren liveblogged it on the Fediverse.
- Tim Brugman liveblogged it on Twitter.
- Samuel Sidler has transcribed the hearing. Note that this is not the official court transcript; it is an unofficial amateur transcript.
- Samuel Sidler also liveblogged the hearing on his own blog.
- Mike Dunford also livestreamed on Twitch to discuss the hearing (link is to the archival copy on YouTube).
- WP Tavern (owned by Mullenweg) has a short piece on the SCF Pro release.
- The Repository writes about the preliminary injunction hearing.
- WP Tavern also writes about the hearing.
- WPE and Automattic/Mullenweg agree to an amended briefing schedule for the Motion to Dismiss and Motion to Strike, and file a Joint Stipulation & Proposed Order. Michael Maddigan (counsel for the defense) also files a Declaration in Support.
Note: This does not affect the Preliminary Injunction proceedings; a Proposed Order (or possibly dueling Proposed Orders) and a ruling by the judge are expected much sooner on that.
- Mathieu Viet, lead developer of BuddyPress, announces that he quietly stepped away from WordPress development after Mullenweg's initial attacks against WPE, but that the takeover of ACF Pro has convinced him to openly condemn Mullenweg and WordPress.
While Mr. Mullenweg's first attacks made me quit this community and stop contributing to WordPress® open source projects (including BuddyPress®), the latest one (making the premium code of a plugin marketed by the attacked competitor available for free) convinced me that disapproving and condemning them as a former contributor was not enough. Indeed, I have also decided to stop using WordPress® to power this website.
- TechCrunch reports that BlackRock has marked down its investment in Automattic by 10%. Per an earlier article by TechCrunch, BlackRock had already marked the investment down by 50% earlier this year.
- The judge grants the order stipulating a revised briefing schedule (the joint stipulation was filed on 29 November and is noted above)
- Per Michael Maddigan (counsel at Hogan Lovell), the parties did meet and confer but were unable to reach agreement on a proposed Order, so each party has submitted its own proposal:
- WPE: Plaintiff's Proposed Order
- Mullenweg/Automattic: Defendants' Proposed Order
Note: The defendants' proposed order is submitted as an Exhibit to the main response by Maddigan, and it contains introductory language suggesting that it is stipulated to by both parties. It seems clear that the proposal was drafted before meeting & conferral, and not revised prior to the response being sent to the Court. It was not actually stipulated to by both parties.
- The Plugin Vulnerabilities website reports that Automattic's Chief Legal Officer position has changed hands again, and that their legal team in general seems to have undergone a number of shakeups in the past year.
- Automattic acquires AI company WPAI. This isn't directly related to the current legal fight, but Automattic's acquisitions strategy may be of further interest later.
- WP Tavern covers the WordPress Speed Build Challenge between Mullenweg and Jessica Lyschik. Again, this is not directly connected to the conflict with WPE; it is included here because there is broad community criticism of Mullenweg's handling of the challenge.
- Mullenweg posts on his personal blog about the Automattic booth at DrupalCon Singapore, talking about Automattic's commitment to FOSS.
- The Court issues a preliminary injunction against Automattic/Mullenweg.
- Automattic issues a short statement on their Twitter account.
Today’s ruling is a preliminary order designed to maintain the status quo. It was made without the benefit of discovery, our motion to dismiss, or the counterclaims we will be filing against WP Engine shortly. We look forward to prevailing at trial as we continue to protect the open source ecosystem during full-fact discovery and a full review of the merits.
- WPEngine also issues a short statement on Twitter
We are grateful that the court has granted our motion for a preliminary injunction that restores access to and functionality of wordpressdotorg for WP Engine, its customers and its users. This ruling provides much-needed stability for the WordPress ecosystem. We deeply appreciate our customers for their continued trust and support. We remain committed to serving them and their sites with the performance, availability and integrity they deserve while collaborating to ensure a vigorous, thriving and stable WordPress community.
- The Verge reports on the order.
- TechCrunch also reports.
- Cory Doctorow pens a blog post about the BDFL model. It does not mention anyone specific, but it contains a reference to "CMSes and personal publishing services" and many folks in the community are reading it as directed partly at Mullenweg.
- Mullenweg expresses extreme disappointment and anger about the injunction in the Post Status slack, an important WordPress community venue. 404 Media carries the story.
- Search Engine Journal runs an article about the preliminary injunction.
- The Register also covers the injunction.
- Heather Burns, on Twitter, points out that Mullenweg is seeking to have his posts and data deleted from the Post Status Slack, which is generally a bad idea when one is engaged in ongoing litigation because deliberate destruction of communications could constitute spoliation.
- Terence Eden writes a post on his own blog entitled "Is WordPress.org GDPR Compliant?" (Spoiler: they are probably not GDPR compliant!)
- The University of Houston (of which Mullenweg is an alumnus) publishes a puff piece about him, including interview quotes.
- Nick Gernert, the CEO of WordPress VIP, posts a statement which is vague but definitely seems to indicate some kind of internal instability at Automattic.
- Mike Dunford discusses the Order for Preliminary Injunction on his Litigation Disaster Tour Hour (link is to the archival copy of the VOD on YouTube).
- On Twitter, Mullenweg attempts to get into a fight with tech journalist Gergely Orosz over the latter's praise of WP Engine.
- Several core contributors and WordPress community leaders anonymously sign and circulate an open letter about the governance of WordPress, explicitly stating that they are remaining anonymous because they fear retaliation by Mullenweg. The Repository reports on the letter; the contributors are known to the editorial team there and their identities and signatures have been verified.
- Rodolfo Melogli reports on Twitter that some potential WCEU sponsors have received emails from the WordPress Community Team regarding trademark noncompliance.
- The ACF plugin page on .org was restored to WPE at the end of the day on Friday. WPE team members also had their access restored, as noted by WPE employee Brian Gardner on Twitter.
- Mullenweg posted a tweet saying that he restored WPE's access and plugin page but is "disgusted and sickened by being legally forced to provide free labor and services" to WPE, and snarking at them for not having immediately updated the plugin.
- Immediately after his tweet, however, the ACF team announced on Twitter that they had already pushed their changes to .org and were waiting on the mandatory plugin review process (controlled by Mullenweg and a community volunteer team).
- Mullenweg posts a short comment on the Repository blog post about the open letter from 13 December. The comment reads:
Thank you, I have meditated. I’m happy to meet with people on specific proposals and specific changes, but it’s hard to engage or take action with this. I understand that people don’t like the current setup, and I’m very open to experiments to try different structures, but they need to work better for our users. This is too vague… be specific with names, what work they’ll do, and what outcomes we should expect in what timeframe.
- A Reddit thread highlights a new checkbox appearing on the wordpress.org login screen; it reads "Pineapple is delicious on pizza." Some community members interpret it as a subtle assertion of continued control over the site by Mullenweg.
- A joke website springs up declaring Mullenweg to be the "Tech Arsehole of the Year"; the site contains a brief and opinionated summary of his feud with WPE.
- 404 Media covers the new "pineapple on pizza" checkbox.
- Attorney Mike Dunford explains on Bluesky that the new checkbox likely isn't contempt of court but bodes ill for WordPress' continued health.
- Mullenweg gave the annual State of the Word address in Tokyo, with simultaneous livestreaming. (It was apparently not well-attended by the standards of previous SotW addresses.) Longtime community member Ryan Duff posted on Twitter about his impressions from watching the livestream; but aside from a couple of veiled digs at WPE, it seems to have been fairly bland and professional.
- WP Tavern (owned by Mullenweg) covers the State of the Word address.
- The official Automattic Twitter account has a thread of polling about pineapple on pizza, and the checkbox on .org. Many replies call the thread (and the checkbox) out as in poor taste.
- The pineapple checkbox is now optional.
- The Houston Chronicle publishes an article by culture reporter Jamil David, "Houston CEO is a weirdo who likes pineapple on pizza". The article contains a brief synopsis of the WPE feud.
- Mullenweg replies to Jamil David on Twitter, complaining about the word "weirdo" in the headline.
- Inc. Magazine publishes a long interview piece about Mullenweg.
- Mullenweg publishes a complaint about the piece on his own blog.
- Per Neil Peretz' LinkedIn, he seems to have left Automattic/WooCommerce this month. (Thanks to @nickchomey for catching this one!)
- On the WordPress.org blog, Mullenweg announces a holiday hiatus on many .org-related services including plugin reviews and new account creation. He cites personal burnout and blames WPE.
- This announcement immediately creates an issue for WordCamp organizers, because as of October 11 people must have WordPress.org login credentials in order to sign up to attend a WordCamp. A workaround has been implemented which enables new account creation if the referrer is a WordCamp URL, but this is brittle and open to exploitation.
- Attorney Mike Dunford covers Mullenweg's post-injunction actions on his weekly Twitch livestream (link is to the archived version on YouTube).
- Mullenweg's attorneys file their new Motion to Dismiss/Motion to Strike.
- They attach a Proposed Order.
- They also request that the court take judicial notice of several exhibits. The exhibits are available via the full docket (link goes directly to the docket entry with the exhibits).
- WP Tavern (owned by Mullenweg) covers the holiday break announcement.
- Prominent WordPress community leader and developer Joost de Valk publishes Breaking the Status Quo : A vision for a new WordPress era.
- WP Engine praises de Valk's blog post on their Twitter account, and ends their tweet with:
We are committed to working with Joost, Karim, and other respected voices in the community to ensure WordPress’s future is stronger than ever. This requires collaboration, transparency, and action—and we stand ready to offer ideas, technology and support as we move forward together.
- Former WordPress community leader and educator Morten Rand-Hendriksen discusses WordPress governance, the community, and possible ways forward in a blog post on his LinkedIn page.
- ComputerWorld runs an article about the holiday break, calling special attention to the lack of any specified reopening date.
- WP Tavern writes about Joost de Valk's blog post from 20 December and community reactions to it.
- Search Engine Journal covers de Valk's blog post and Mullenweg's response.
- WordPress developer Robert DeVore publishes "How to Stop Your Plugins & Themes from Being Used on WordPress.com Hosting" on his blog, in which he suggests adding a simple check to all your PHP code to prevent it from being used on WordPress.com as a protest against Mullenweg's actions.
- Mullenweg makes a deliberately provocative post on r/WPDrama, asking the following:
I’m very open to suggestions. Should we stop naming releases after jazz musicians and name them after Drake lyrics? Eliminate all dashboard notices? Take over any plugins into core? Change from blue to purple?
I think we can brainstorm together and come up with way better things than I could on my own.
☺️ Also, Merry Christmas! 🎄 - Folks in the main r/Wordpress community consider Mullenweg's post to be in very bad taste.
- The r/WordPress subreddit notices that .org registrations are re-enabled, presumably meaning that the holiday break is over.
- The WordPress Meta Team confirms that the holiday break is over. WP Tavern also carries the story.
- The official WordPress Twitter account alleges bad behavior by WPE, with a screenshot of a thread on r/Wordpress about a customer's bad cancellation experience.
- WP Tavern reports that Felipe Santos at WordCamp Central has rejected Patchstack as a sponsor for WordCamp Europe because of a purported lack of "significant contributions" to the community. Rampant speculation exists about the real reasoning behind the rejection; it has been noted that WP Scan, a competitor to Patchstack, was acquired by Automattic just over a year ago.
- Mullenweg disbands the WordPress Sustainability team after its head steps down. (Link is to a r/Wordpress thread discussing the move).
- Automattic announces that they will be stepping down their contributions to WordPress core; the post blames the move on the WPE lawsuit. Mullenweg also shares the post on his personal Twitter account with a dig at WPE and specifically at Heather Brunner.
- Mullenweg disables the .org accounts of several vital core contributors, and makes a public post about it in which he also engages in some mild character assassination.
- TechCrunch has the story
- Slashdot also carries the story, with some quotes by affected community members.
Hi, just dropped in to point out the interview you just linked above. It can be tedious to go through, but start around the 15:00 mark where they discuss the term sheet that Automattic sent to WPE - this is important. Item number 4 has is a "prohibition on forking" anything WooCommerce-related. Apparently WPE had changed the affiliate code in the WooCommerce Stripe plugin, so WPE was credited as the affiliate instead of Automattic. I was not aware that WooCommerce got a kickback for every Stripe transaction done this way (must be in the terms somewhere?) but more to the point, I believe that attempting to legally restrict WPE's rights under the GPL here may in fact be a GPL violation -- software distributed to WPE would have more restrictive terms, which the GPL forbids. Would love to hear Mike's take on that one. The redirected revenue and the fact that Matt has been talking about bringing Advanced Custom Fields - which is owned by WPE - into core would seem to muddy the waters surrounding Matt's motivations here.