The WPdrama of the legal battle between Automattic and WP Engine continues, just before the hearing for the preliminary injunction.
Remember that you can listen to this program from Pocket Casts, Spotify, and Apple Podcasts or subscribe to the feed directly.
Program transcript
Hello, I’m Alicia Ireland, and you’re listening to WPpodcast, in this special episode.
The next November 26, 2024, is the date set by the judge for the hearing to seek preliminary injunctions that will define the situation in the legal battle between Automattic and WPEngine, which is affecting the WordPress Community as a whole.
In the last special episode, we explained the situation in detail up to the first days of October, but many more things have happened since then.
Before explaining everything that has happened, I will review the key events between the end of September and the beginning of October.
At WordCamp US, Matt gave a talk focused on contribution, or rather the lack of it, in the WordPress project, and the bad practices that, according to him, WPEngine and the investment fund behind the company, Silver Lake, were engaging in.
A few days later, the post WPEngine is not WordPress was published, highlighting two key elements: the confusion between the WordPress brand and the product offered regarding revision settings. It’s worth noting that this is the post where Matt referred to WPEngine as a cancer.
Shortly after, we had the first cease and desist letter from WPEngine and Automattic’s response, with another cease and desist letter.
As a result of all this, and along with the post WPEngine has been banned from WordPress.org, access to the systems was blocked, although for a few days they were able to access to perform customer maintenance. However, since October 1st, WPEngine has been blocked.
It’s October 2nd, and WPEngine files a formal lawsuit against Automattic and Automattic responds that it is without merit.
What is WPEngine alleging at this point?
To begin with, interference, as WPEngine claims that the defendants intentionally interfered with its business contracts by publicly defaming the company, which has caused several of its clients to reconsider or terminate their contracts with WPEngine, in addition to affecting potential economic relationships with current and future clients, causing them to lose business opportunities.
Another important element is fraud and computer abuse, as they accuse the defendants of manipulating WPEngine’s access to WordPress.org systems, preventing the company from accessing critical tools for its business.
There is also an extortion attempt, claiming that Automattic demanded payments of tens of millions of dollars under threat, with the purpose of extorting money for a brand license that was not necessary.
Another significant element, with legal precedent, is unfair competition (according to the California Commercial Code), accusing them of engaging in unfair and fraudulent business practices to gain an economic advantage through illegitimate methods.
Another point, important for the community itself, is Promissory Estoppel, as based on explicit promises that WordPress would be an open and collaborative platform, millions of dollars have been invested, and now Automattic is failing to honor those promises.
Regarding the trademark, WPEngine seeks a declaration that there is no trademark infringement or dilution, aiming for a legal ruling confirming that their use of the WordPress and WooCommerce brands does not infringe any registered trademarks and has not diluted the registered trademarks, arguing that their activities are legal under fair use law.
Finally, in a more general but no less important point, defamation and slander are alleged, accusing Automattic of spreading false statements that damaged WPEngine’s reputation by describing its products as “modified and low-quality versions” of WordPress, or that the products have been intentionally discredited to discourage customers from using their services, and that Matt, during speeches and interviews, has made false statements, suggesting they don’t contribute to the WordPress ecosystem and are harming the community.
This is the basis of the entire legal mess between both companies, which, in general, shouldn’t affect the community… but.
That same week, Automattic offered its employees the possibility of leaving the company with an attractive bonus. Although less than 10% of employees left, many of them were directly related to their work on .ORG, the Community, or the Foundation. Among others, Josepha Haden, the executive director of the project, or Naoko Takano, who had been with the company for more than 14 years, just to name a couple of examples.
The WordPress Twitter account, the community’s account, began to get involved, and many people criticized the use of the project’s account for an issue in which the Community itself was not involved. But remember, both the social media accounts and the WordPress.org website are exclusively owned by Matt Mullenweg, not the community or the WordPress Foundation.
But that’s not the only thing that was happening. WordPress.org was blocking access to some plugins from the WPEngine group, mainly Advanced Custom Fields. And this is just the beginning, because just a few days later, Automattic announced that ACF had a security hole and that WPEngine wasn’t fixing it, obviously, considering their access had been blocked for that purpose. They did this in a tweet, and the entire cybersecurity community jumped in, explaining the very bad practice of exposing something in that way, eventually removing the content, but marking the start of the next chapter.
And, whether related or not, amid all the noise, Automattic hired Jason Bahl from WPEngine to turn the WPGraphQL plugin into a canonical plugin for the WordPress community.
It’s now October 8th, and we begin with the announcement of Mary Hubbard as the new executive director of the WordPress project, although she wouldn’t officially start until two weeks later… all of this as good news for the start of the next big step in this situation: the “checkbox.”
Until now, in general, everything that had happened mainly affected the two companies and Matt… but this is perhaps the turning point where the WordPress Community reaches its breaking point. From that day, the WordPress.org access site includes a checkbox (known in the community as “the checkbox”) that says the following: I am not affiliated with WPEngine in any way, financially or otherwise. It’s important to note that this text is in English and written from a U.S. perspective, so each word used has a very specific legal meaning. In the following days, this was extended to the purchase of WordPress event tickets and global Slack access.
This checkbox started to raise many questions among WordPress contributors, and the conversation moved to Slack. And that’s when the chaos began. Many users started to get blocked from Slack, including team representatives, long-time contributors, and links to other open-source projects. WPEngine issued a statement that clients, agencies, and users were not “affiliated” with the company.
As seen from October 9th onwards, many WordPress contributors who were not sponsored have left the project, some of those who had sponsorship lost it, and the focus has been on properly closing the launch of WordPress 6.7, although it raised many doubts about the upcoming major version.
The following days had a clear keyword: “fork.” Matt published a post explaining that in open-source projects, creating a fork is something that can be done, and he provided a few examples in that post. We just had to wait a few more days to understand the reason for this post.
And here comes another twist: WordPress.org took control of Advanced Custom Fields and renamed it to Secure Custom Fields. This move has many facets because Matt’s post frames it as something done for security reasons and as a fork. While it’s true that for security, they could have allowed the WPEngine team, which was maintaining it in parallel, to apply the security patches, not only were the lines of code added to fix it, but any potential updates to the PRO version of ACF were removed, all while keeping the same URL. This has caused a lot of confusion among users, as the plugin changed name and author, kept the comments and ratings, and over time has stagnated in features. Furthermore, many people in the community assume that this is not a “fork,” but a “theft” of the project. This led to another exodus of contributors from the WordPress Community.
In parallel, the plugin hosting policy on WordPress.org changed to justify the actions that are taking place, asking that the plugin guidelines be consulted instead of the post, which is now considered obsolete.
After these two events, the checkbox and SCF, the community has been raising its voice more and more. One of the clearest cases has been the removal of comments from the ACF support forums on WordPress.org, something that has always been strictly regulated in the community’s support rules, where deletion has generally been a last resort.
Another affected party has been the event in Sydney, where WPEngine was a sponsor, and where some of its speakers work at the company. The event organizers, remember, are led by volunteers who don’t generate income from the events, announced that they were informed just days before that WPEngine was blocked from participating in the events in any way. It’s important to note that the organizers were not asked to remove the sponsorships, but rather the Community team accessed the site and modified it without prior knowledge.
The WordPress Community Accessibility team decided to suspend the meetings because the team representatives could not access the site.
Starting October 17th, we began to see how other WordPress developers had been banned from the site, blocking their ability to maintain their plugins and themes, in this case, not related to WPEngine, simply for being critical in one way or another of the decisions made.
This is also coupled with another possible exit of Automattic employees who disagree with the direction, with better benefits than the first time.
During these days, the WordPress Code of Conduct was updated to include that private messages cannot be shared. This applies both to social media, where many users had been posting communications with Matt, and to Slack. In any case, this had never been an issue in the Community until this moment.
And, another of the hardest moments for the WordPress Community to digest: Matt published a blog post explaining which companies offer easy migration systems from WPEngine to, primarily, his partners such as Automattic’s own companies, Bluehost (which pays the license), and several other usual players in the ecosystem.
And we reach the next point in the legal battle: WPEngine requests a preliminary injunction against Automattic and Matt, as the representative of WordPress.org.
This document essentially requests that a hearing be held in which the judge determines certain actions, primarily to go back to where things were before all of this, restore some confidence in the use of the WordPress.org site, and restore access for developers and updates for users. And to do so “now.” While WPEngine requested that it happen as soon as possible, and Automattic as late as possible, the chosen date is November 26th.
In this document, which is a separate process from the previous one, issues of extortion over trademark use are discussed, Matt’s promises for everything to be open, how the WordPress Foundation manages the trademarks, the ownership of the WordPress.org site, and basically everything we’ve just explained, which has been used as evidence to demonstrate Matt’s bad faith throughout this process and Automattic’s support.
There are two legal elements they rely on: the Computer Fraud and Abuse Act, which would affect the ACF plugin, and the California Unfair Competition Law, which would affect access to the website.
A few days pass before Automattic’s response. It’s important to keep in mind that this entire legal battle is not about WordPress, as an open-source project, but about WordPress.org, Matt’s website, where contributors participate in the project. Among the details of the response, it is made clear that the website is not part of the open-source project, that it is a personal website, although it is never indicated anywhere on the website. For now, the response ends there.
Another element affecting the WordPress Community is the shift from the community Slack from the Pro version to Business+. This change basically allows for two things: first, the ability to configure access via WordPress login through SSO, and second, that administrators have access to private conversations, which can be exported without notifying users. All of this seems to be a result of Salesforce’s donation to the WordPress Community, with the condition of being featured on the Five for the Future page and becoming a sponsor of the WordCamp flagship events (Asia, Europe, and the United States).
After the situation with WordCamp Sydney, the Community team began sending emails requesting control of local event social media accounts, something that had always been entrusted to the community’s best efforts, and they also requested that certain tweets published from those accounts be deleted.
And if you thought ACF would be the only plugin affected, think again. The team behind Paid Memberships Pro decided to remove the plugin from the official repository, and it was done. Everything seemed fine until, in the WordPress Slack, Matt said that if this happened, the next step would be for him to take over the plugin, just as was done with ACF. They wouldn’t be the only ones, because on October 28th, Delicious Brains, with plugins like WP Migrate, WP Offload Media, and Better Search Replace, also announced that they were blocked from accessing the repository.
On October 30th, Matt was in an interview at TechCrunch Disrupt, where, among other things, he said that sponsoring a WordPress event was not contributing, but marketing. He also boasted that more than 8% of clients had already left and switched hosting providers after all this, and that this would continue to happen.
It was also evident that, on the same day, Automattic and Matt were going to respond to the latest document from WPEngine.
In these documents, it is essentially stated that WordPress.org is theirs, and that they are not obligated to give access to WPEngine’s network, and that they have no legal or moral obligation to allow the use of their resources.
Just four days later, WPEngine’s response was swift. In this case, with the hearing date approaching, both sides begin to show their cards, and WPEngine is set to use Matt’s own words against him.
This document includes statements from Matt at the TechCrunch event, where he essentially said that WPEngine had lost 8% of its customers, that they were at war with them, and that if they had to go back, “it wouldn’t matter.”
It also cites two cases: hiQ Labs v. LinkedIn and Epic Games v. Apple as examples where one site or platform cannot block another. The document goes into great detail explaining how Matt has always publicly said that WordPress.org is part of the Community, and now he’s stating that the project is his, that contributions are for him and not for the open-source project, which should only affect the core.
Regarding the blocking and renaming of ACF, it is framed as a hack, based on three cases of legal precedent in similar cases.
The information submitted to the court has been expanded with a document about the ownership of WordPress.org, another with videos and transcripts from the TechCrunch interview and other media, and another document specifically about ACF.
And as if that weren’t enough, Automattic has launched the site wordpressenginetracker.com, which exposes around 20,000 WordPress sites that have left WPEngine. This has generated a lot of controversy due to the information collected by WordPress.org about the sites and the major privacy issues involved, as WordPress sites are required to send information to central servers without any privacy policy or data management guidelines. Additionally, GitHub offers around 730,000 site records, many of which come from private information sent to WordPress.org without the user’s knowledge.
Moreover, another 144-page document has been filed, summarizing everything that has happened and expected to be the last update before the judicial hearing.
In any case, the Court has denied Matt and Automattic’s motions to “Dismiss,” “Strike,” and the “Administrative Motion to Shorten Time” as they were deemed debatable.
Meanwhile, the WordPress Community continues to raise its voice about the culture of fear that is being injected among contributors and anyone who disagrees with Matt himself. An article in The Repository with various interviews and comments from multiple community contributors, specifically from the WordPress core, clearly outlines the unsustainable situation that is unfolding.
And finally, this podcast is distributed under a Creative Commons license as a derivative version of the podcast in Spanish; you can find all the links for more information, and the podcast in other languages, at WPpodcast .org.
Thanks for listening, and until the next episode!
Leave a Reply