WordPress.org has introduced a fork of a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Matt Mullenweg announced today. This “minimal” update of the Advanced Custom Fields (ACF) plugin is now called “Secure Custom Fields.”
It’s not clear what security problem Mullenweg is referring to in the post. He writes that he’s “invoking point 18 of the plugin directory guidelines,” in which the WordPress team reserves several rights, including removing a plugin, or changing it “without developer consent.” Mullenweg explains that the move has to do with WP Engine’s recently-filed lawsuit against him and Automattic.
Similar situations have happened before, but not…