We were saddened and appalled by Matt Mullenweg’s actions this morning appropriating the Advanced Custom Fields plugin that our ACF team has been actively developing for the WordPress community since 2011.
Advanced Custom Fields is a sophisticated plugin with over 200,000 lines of code, which we continually develop, enhance, support and invest in to meet the needs of our users across WordPress. We’ve made 15+ releases over the past two years, since joining WP Engine, and added significant new functionality to the free plugin as well as continually improving performance and our security and testing practices to meet the ‘enterprise grade’ that our users deserve.
The change to our published distribution, and under our ‘slug’ which uniquely identifies the ACF plugin and code that our users trust in the WordPress.org plugin repository, is inconsistent with open source values and principles. The change made by Mullenweg is maliciously being used to update millions of existing installations of ACF with code that is unapproved and untrusted by the Advanced Custom Fields team.
We are directly able to protect WP Engine, Flywheel hosting and ACF PRO customers – you are not impacted and do not need to take any action. You will continue to get the latest innovations and updates from the experts in the ACF team. The ACF code on wordpress.org is no longer controlled by the ACF team.
— Advanced Custom Fields (@wp_acf) October 12, 2024We have been made aware that the Advanced Custom Fields plugin on the WordPress directory has been taken over by WordPress dot org.
A plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21 year history of… pic.twitter.com/eV0qakURLc
If you have a site managed elsewhere using the free version of ACF, in order to get genuine ACF updates you must perform a one-time download of the 6.3.8 version via advancedcustomfields.com to remain safe in the future. After this one-time download you will be able to update as usual via the WP Admin panel.
You can also follow the same process if your site has already been upgraded to the modified “Secure Custom Fields” plugin, to get back to a genuine version of ACF.
Mullenweg’s actions are extraordinarily concerning and pose the grave risk of upending and irreparably harming the entire WordPress ecosystem. His attempt to unilaterally take control of this open platform that we and so many other plugin developers and contributors have relied on, in the spirit of sharing plugins for all, provides further evidence of his serious abuse of trust, manifold conflicts of interest, and breach of the promises of openness and integrity in the community.
About the Author
Iain is the Product Manager for Advanced Custom Fields. He has a long history of building and growing WordPress plugins. Moonlights as a PhpStorm evangelist.
For plugin support, please contact our support team directly, as comments aren't actively monitored.