The ACF plugin on the WordPress directory has been taken over by WordPress.org

Original Article ↗ Hacker News Discussion ↗

Context of the ACF Takeover

  • WordPress.org removed WP Engine’s control over the Advanced Custom Fields (ACF) plugin in the official directory, blocked the old maintainers, disclosed a security issue, and published a “secure” replacement under the same slug.
  • Many see this as part of an escalating conflict between WordPress.org/Automattic and WP Engine over trademarks, money, and “contributions” to WordPress.

Perception of WordPress.org’s Actions

  • Many commenters describe the move as a “hijack” or “supply-chain attack”:
    – WordPress.org kept the same plugin slug, reviews, install base, and auto‑update channel.
    – This gives the directory maintainers unilateral power to push code to millions of sites.
  • Some argue that forking GPL code is allowed and thus not “stealing,” while others say the theft is of identity, branding, distribution channel, and trust, not the code itself.
  • Several point out potential trademark issues: the new plugin still uses ACF name, logo, and marks that are (or may soon be) owned by WP Engine.

Trust, Governance, and Ecosystem Impact

  • Many say trust in WordPress.org as a neutral steward is “lost” or “badly damaged,” especially for plugin developers who now fear rug‑pulls.
  • Some site owners report disabling automatic updates or planning migrations off WordPress because they no longer trust the update channel.
  • There are calls for independent governance, a broader foundation board, or the current leadership stepping back; others are skeptical this will happen given ownership/control structure.

WP Engine vs “Freeloading” and Open Source Ethics

  • One camp argues WP Engine heavily benefits from WordPress while contributing little to core and that some form of economic reciprocity is morally warranted.
  • Another camp insists the GPL is the full contract: if use complies with the license, there is no additional obligation; retroactive demands (e.g., revenue share) are viewed as a betrayal of open source.
  • Disagreement over what counts as “contribution”:
    – Critics downplay event sponsorship and plugin development as self‑interested marketing.
    – Defenders argue those are real contributions that significantly benefit the ecosystem.

Alternatives and Fork Proposals

  • Multiple suggestions to fork WordPress (e.g., under GPLv3, possibly led by large hosts) and to move to alternatives like Drupal, Ghost, Payload CMS, or static site generators.
  • Some think a serious fork plus better governance could repeat the original WordPress‑from‑b2 story; others expect only shallow mirroring with minimal maintenance.