#191 - WordPress.org’s New Login Requirement, ACF Forked

Issue #191 | October 15, 2024 | Reading time: 17 mins

Hello!

Last week WordPress.org’s login page saw a couple of revisions that made quite a stir. The ACF plugin in the repository has been forked into Secure Custom Fields. Also, Mary Hubbard has been announced as the new executive director of WordPress.org, and WordPress 6.7 beta 3 has also been released.

Don’t forget to subscribe and listen to the podcast version of this newsletter, where you can hear more details and discussions about these topics and more.

See you next week!

Team WP-CONTENT.CO

🙌 This weekly newsletter is kindly sponsored by Kinsta, 20i and Omnisend

Kinsta Managed Hosting

Kinsta – Highest-rated managed WordPress hosting provider on G2 Check it out →

20i WordPress Hosting

Next-Gen Managed WordPress Hosting Check it out →

Omnisend

Boost your sales with email & SMS—without breaking the bank Check it out →

📰 WORDPRESS & AROUND

All the updates around WordPress and its closely related technologies

WordPress.org announces Mary Hubbard as the new executive director

Matt Mullenweg has announced that Mary Hubbard will take on the role of Executive Director of WordPress.org, starting on October 21, 2024. She takes over from Josepha who left with 159 others.

Ian Stewart to Lead WordPress.com: Ian Stewart has been chosen to lead end-to-end customer experience for WordPress.com as its Artistic Director and product lead.
WordPress 6.7 beta 3 released: The beta 3 is now available for download and testing.
Updates to script modules in 6.7: WordPress 6.7 introduces a new @wordpress/a11y script module and a new API to pass script module data from the server to the client.
What’s new for developers? (October 2024): Nick Diego provides an update on all features finalized for WordPress 6.7, along with new functionality now available in Gutenberg.
What’s new in Gutenberg 19.4: The latest version new revises the edit and select modes and now they are called write and design modes, Block Bindings Editor APIs are public, and various other improvements.
Join the WordPress Community Team as a Supporter of Cohort 2024-25: The application form will remain open till 24th October 2024. The tasks for the role will include managing community support channels, mentoring WordCamps and WordPress Events, and vetting Meetup, WordCamps/WordPress Events, and do_action events applications.
Announcing the next Learn WordPress Course Cohort: The topic of this cohort will be Introduction to Developing Plugins, and will be facilitated by Lax Mariappan. This course will be perfect for first-time WordPress plugin developers, who have never built a plugin before.
Announcing the new WordPress Photo Directory team representatives: The three newly elected team representatives are Nilo Velez, Bigul Malayi, and Michele Butcher-Jones.
Accessibility Team meetings suspended: As neither of the current Accessibility team representatives are able to log-in to WordPress.org, team meetings are suspended until further notice.
Fields API team seeking new leadership: With Scott Kingsley Clark no longer contributing to WordPress and stepping down, new leadership is required for the Fields API.
Proposal: Make unit test tickets easier to distinguish: Various suggestions have been made so as to have an easy way to identify Trac tickets specifically for adding unit tests such as adding a new component, a new focus, a keyword, and more.
Everyone’s an owner: Matt provides more information on A12 stock and how 200 shares of A12 stock were granted to the employees who didn’t accept the “Alignment Offer” and decided to stay at Automattic.
Google Ads announces 11-year data retention policy: Google Ads is implementing a new data retention policy effective Nov. 13, which could impact long-term trend analysis and ad reporting.
Wayback Machine down amid cyberattack, 31 million accounts exposed: The Internet Archive has been hit by a cyberattack, compromising the personal data of over 31 million users. The nonprofit organization, known for its Wayback Machine service, which archives web pages, is grappling with the aftermath of the sophisticated attack.
Google faces potential breakup: How DOJ ruling could reshape search: Google faces potential breakup as DOJ ruling outlines remedies to curb search monopoly.

🗣️TALK OF THE TOWN

WordPress.org’s new login requirement, ACF forked, New cease and desist letter

WordPress.org’s new login requirement: Users must confirm non-affiliation with WP Engine: In a significant development in the ongoing feud between Automattic and WP Engine, the WordPress.org login page has undergone a major revision. Users are now required to confirm that they are not affiliated with WP Engine to log in successfully.
ACF plugin forked to ‘Secure Custom Fields’ plugin: After invoking point 18 of the plugin directory guidelines, Advanced Custom Fields (ACF) has been forked into a new plugin, Secure Custom Fields. A couple of days before forking ACF, Matt Mullenweg also published a post titled forking is beautiful.
WordPress also tweeted how they fixed an issue in Secure Custom Fields and also advised to avoid using ACF until they release an update that patches the problem with $_REQUEST. Besides forking ACF, several users also noted how their reviews were being deleted.
David Heinemeier Hansson (creator of Ruby on Rails) on X expressed his concern over this takeover,” We’re in uncharted and dangerous territory for open source now. What a sad sight.” In response to various posts by David Heinemeier Hansson, Matt published a post on his website but later removed it in which he said, “DHH claims to be an expert on open source, but his toxic personality and inability to scale teams means that although he has invented about half a trillion dollars worth of good ideas, most of the value has been captured by others…..I was surprised someone as smart as DHH would fall for WP Engine’s lame deferral to make this about “GPL code” or forking, rather than trademarks. We have no problem with their use of GPL code, our beef is with their trademark abuse.”
Andrew Palmer (co-founder Bertha AI) also highlighted 13 other plugins that can no longer be updated as the developer is WP Engine whose WordPress.org access is still revoked.
As NitroPack team has been blocked from accessing WordPress.org, the team has now released a workaround to ensure that users continue to receive updates.
Jack Arturo filed a cease and desist letter against Automattic and WordPress.com: The cease and desist letter has been issued for unauthorized use of the WP Fusion trademark on WP Fusion Lite at WordPress.com.

Some writings/discussions on the subject:
ACF gets a fork by WordPress.org: From James Giroux

What is the WordPress v WP Engine drama really about?: From Kellie Peterson

Automattic is doing open source dirty: From David Heinemeier Hansson

Open source royalty and mad kings: From David Heinemeier Hansson

I tried to explain the whole WordPress drama: From Theo Throwaways

A plea for unity: Safeguarding the future of WordPress: From WordPress Must Win

What in the WorldPress?: From Design Kitchen

WordPress: The drama continues: From Eric Mann

John-Daniel Trask’s (Co-founder & CEO of Raygun) take on the Automattic- WP Engine issue

Trent (Product Marketer Pro Founder) on what he would do if he had a magic wand and was put in control of WordPress

🚨WEB SECURITY & VULNERABILITIES

A collection of web security and vulnerability news and updates for the past week

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

There were 161 vulnerabilities disclosed in 147 plugins and 5 themes.

Jetpack 13.9.1: Critical security update: A vulnerability with the Contact Form feature in Jetpack was recently patched. Shift8 did an analysis of this update where they uncovered several more code changes.
Wordfence Cybersecurity Month Spooktacular Haunt: The event will run through November 11th, 2024. Here, standard researchers and resourceful researchers can now submit vulnerabilities in plugins and themes with 1,000 or more active installations, resourceful Researchers and 1337 researchers will earn an automatic 10% – 120% bonus on all submissions in software up to 5,000,000 active installs, and so on.
WordPress Vulnerability Report — October 9, 2024: Weekly report from SolidWP.

🔌 NEW PLUGINS & THEMES

Be one of the first ones to explore some fresh plugins and themes

Podbase theme

A theme suitable for podcast sites.

Adonay theme: A theme that is designed for single-page websites.
Photolancer theme: A theme crafted for freelance photographers and photography agencies.
Poptics plugin: A customizable popup builder plugin designed to increase leads and sales for your website.
Leafio Letter Avatar plugin: The plugin allows you to create stylish user avatars using just the initial letters.
AI Services plugin: This plugin introduces a central infrastructure that allows other plugins to make use of AI capabilities.

👥 COMMUNITY NEWS

Updates and News from the WordPress Community

Introducing EchoDash

EchoDash, launching in December 2024, created by Jack Arturo is an upcoming central notification center that allows users to view activity across every tool they use to manage their business.

ACSS 3.1.2 released: The latest update introduces new texture and overlay features, specificity adjustments for heading/link styles in color relationships, and more.
LifterLMS turns 10 years old: LifterLMS was launched in 2014 and now has customers in 165 countries, and the free core LifterLMS plugin has been downloaded over 1,432,369 times.
SureCart is now the #2 e-commerce plugin for WordPress: SureCart has now surpassed Easy Digital Downloads to become the second most used e-commerce plugin for WordPress.
Spectra crossed 1M active users: Spectra has reached an incredible milestone, surpassing 1 million active installations.
WP Engine can’t sponsor WordCamp Sydney2024: WP Engine can’t sponsor the upcoming WordCamp Sydney 2024 scheduled to take place from November 2-3,2024, due to the ongoing feud. Also, its employees are also banned from organizing and speaking at WCSyd.
Sentiment analysis on WordPress and Matt Mullenweg: Andrea Volpini highlighted the rising negative sentiment across X, the Web, and Reddit and said “WordPress needs a different governance.”
WP Townhall, a new weekly spaces series: This is hosted by Kevin Geary and Mark Szymanski is an interactive podcast where listeners can voice their opinions instead of just listening. The first episode went live recently.
A new update to the plugin submission checker: The recent change now restricts headers that allow updates from GitHub and other third-party sources.
A quick analysis of the WP login checkbox: Guillermo Rauch analyses the recently updated WordPress.org login page which now requires users to confirm that they are not affiliated with WP Engine to complete the login process.
Povilas Korop’s take on moving away from WordPress: Povilas Korop says that while some might try to shift away from WordPress, they will realize it brings a host of problems too.
Matt Mullenweg’s Bull(enweg): Someone on GitHub created a timeline of every time Matt Mullenweg has lied, misrepresented, or behaved in a questionable manner.
Jeff Matson announces two new tools for decentralizing WordPress plugins and themes: The Wormhole Sync is a tool for syncing/merging WordPress plugins/themes from external sources and the Wormhole API is a drop-in replacement for the WordPress plugin/theme repositories which is currently being worked upon.
Chris Wallace explores Ghost as alternative to WordPress: In the first of the threads to follow, Chris Wallace explores Ghost, its customization, the editor, and so on.
Taco Verdonschot is leaving Yoast: Taco Verdonschot w is bidding farewell to Yoast after 11 years and is joining Emilia Capital.
Tor-Björn Fjellner receives the Yoast Care fund for his contribution to the WordPress community: Tor-Björn Fjellner, a member of the WordPress Community Team is the latest recipient of the Yoast Care fund.

🔖 INTERESTING READS & PODCASTS

More posts and podcasts from the WordPress Community you don’t want to miss

Reflecting on two years at WP Engine: From Advanced Custom Fields
Mirrors, forks & lightbulbs: A community resource: From The WP Community Collective
Leaving WordPress (.org or WPF, still unsure which one): From Megan
Nilo Velez: Making, nurturing, and capturing memories: From Hostinger
Open source takes on enterprise risk management: From The Delta
In conversation with Hans Skillrud: From Seriously Bud?
WooCommerce security essentials for store owners: From Sucuri
Security requirements and 9 best practices for robust e-commerce websites: From Kinsta
What I learned at WordPress Accessibility Day 2024: From Delicious Brains
XSS vs CSRF attacks: How they differ and how to counter them: From Jetpack

🛠 GUIDE ZONE – HOWTO’S and MORE

Handpicked fresh guides from WordPress circle

Penetration testing for WordPress websites: From Melapress

📆 SAVE THE DATES

Do not miss a WordPress event ever again

WordCamp Youth Hackathon Skopje on October 19, 2024: An exciting event designed to inspire young people aged 14 to 17 in the world of WordPress.
Baking High-Performance Websites Tips with WPBakery on October 30, 2024: A live event on Facebook where a panel of experts will share essential tips and strategies for building fast and high-performing WordPress websites.
Rome Core Days on November 8-9, 2024: This will be a two-day event dedicated to WordPress Core developers with round tables, open discussions, and contribution rooms. The schedule is out.
WordCamp Kerala on November 9, 2024: The call for sponsors, speakers and volunteers is out.
WordCamp Romania on November 14-15, 2024: Tickets are out.
WordCamp Malaysia on November 22-23, 2024: Tickets are out.
WordCamp Netherlands on 29-30 November 2024: The call for sponsors is out.
WordCamp Asia on February 20-22, 2025: The venue will be the Philippine International Convention Center, Manila, Philippines.
WordCamp Europe on 5-7 June 2025: The event will be held at Basel – Switzerland’s Capital for Art and Culture.
WordCamp US 2025 on August 26-29, 2025: The event is in the early planning stages.

🎁 WORDPRESS DEALS OF THE WEEK

Again, these are the best deals of the week, handpicked by yours!

EXCLUSIVE DEALS

4 Months free offer on hosting plans of WP Engine (Coupon Code- FREEDOMTOCREATE)
10% off on monthly & annual plans at SureTriggers (Coupon Code- WPCONTENT10)
15% off yearly plans at Videvo (Coupon Code – WPV15)