Cancel

Jyolsna

WordPress.org Releases New ‘Secure Custom Fields’ Plugin With ACF Pro Features

In the latest chapter of the ongoing dispute between Automattic and WP Engine, a new plugin “Secure Custom Fields” (https://wordpress.org/plugins/secure-custom-fields/) has been added to the Plugin Repository by WordPress.org. This plugin has 90+ active installations and exhibits the features of ACF Pro plugin like repeater, flexible content, clone fields gallery, options pages, and ACF Blocks.

Last month, WordPress.org took over WP Engine’s ACF plugin, citing security issues, and renamed it Secure Custom Fields (https://wordpress.org/plugins/advanced-custom-fields/

David McCan from WebTNG, has a detailed video analyzing the new plugin. He shares that the update check and license check functionality from ACF Pro has been removed. He remarked “This seems like a classic case of a null plugin which is now being hosted in the WordPress plug-in directory. So I’m wondering if this is even a legal Fork. I’m not an expert in software licensing law but my understanding is you need to preserve the original copyright notices when you fork a plugin. it’s one of the requirements.”

Prominent voices have weighed in on the controversy. Gergely Orosz of The Pragmatic Engineer newsletter tweeted, “Automattic – the creator of WordPress, a company raising $950M in VC funding – took a paid WordPress plugin built and owned by another dev and re-published it, making it free. If you have a business selling a paid WP plugin: Automattic can null it, anytime. Another new low.”

Duane Storey shared in X that ACF is now “an officially registered trademark of WP Engine.” He also said, “Sounds like what’s being put into the WordPress repository is basically a nulled version of ACF Pro without some of the copyrights.  It’s clear Matt’s no longer a champion of any of the things he once said he was.  I left a review. “

Tim Brugman, a Full-Stack Developer, pointed out, “A8c’s _new_ SCF plugin deactivates Advanced Custom Fields PRO when it is activated. An action that is not allowed by the dot org Plugin Handbook.”

Automattician Brandon Kraft, who submitted the plugin, addressed the issue on Mastodon, “The decisions on forking ACF or ACF Pro, etc., are above my paygrade, so to speak, but I didn’t refuse to work on it because I wanted to try to do it right/better.” He also shared, “I wasn’t involved in the forking the Pro code, but I just don’t see a notice. One item on my list is create a proper LICENSE.md that includes the GPL and ack past copyright…acknowledging it is built on existing work. If I missed the copyright already in the code, that’s an oversight on my part and not intentional.”

The Repository reported that a member of the WordPress Plugin Review Team, speaking on the condition of anonymity, confirmed that after Kraft submitted the ACF Pro fork, it was approved by another Automattic employee, bypassing the Plugin Review Team’s usual processes and checks.

The incident has sparked heated discussions on Reddit too. While the majority is against WordPress.org’s action, some support getting the pro features for free.

The preliminary injunction hearing for WP Engine vs Automattic is scheduled for later today. 

Category: ,
Tags:

SHARE THIS:

LIKE THIS

4 Comments

4 Comments

  • Author
    Posts
    • Nat Miletic
      November 30, 2024 at 9:25 AMView in Forum

      While the majority is against WordPress.org’s action, some support getting the pro features for free. – LOL

      It was quite a surprise logging into some of our client sites and seeing a SCF plugin that we never installed.

      We will be sticking with ACF Pro.

      Reply
    • Aaron Reimann
      November 30, 2024 at 9:29 AMView in Forum

      It’s extremely sad how this all played out. Honesty, integrity, and ethics are no longer important to the WordPress ecosystem as the leader continues to demonstrate that. ACF is stolen property, plugin developers no longer have a reason to submit their code to .org.

      I’ll still use WordPress until I can find something better, but a big piece of the WordPress community died when Auto[Matt]ic took over ACF.

      Reply
    • Dodi
      December 3, 2024 at 11:23 AMView in Forum

      It has always been clear, that Open Source licenses allow forking, it is a basic necessity. A necessity, that has been ignored far too long, because that seemed to produce a balanced outcome by providing “Pro” plugins and themes, that the ecosystem seemed to profit from. Imho that profiteering has been reversed over the past years. The commitment to classic Open Source has turned into often highly profitable business models, that even hinder the further development of Core, because “there’s already a plugin for that.”

      WordPress still has a long history of such nuisances, that have to be dealt with using plugins, e.g. changing the domain name, user rights and the interface, SEO, forms and email, hardening, … , and tada, working with custom fields.

      Imho WP should go much further from here and fix what’s broken for a long time, instead of further outsourcing the work to SAAS vendors, whose business models increasingly became mirrors of those of the big monopolistic / enshittified big players.

      Reply
    • Sidaani
      December 28, 2024 at 10:12 AMView in Forum

      This situation is heating up! Automattic’s release of “Secure Custom Fields” raises concerns about licensing, copyright, and ethics. While users get free features, the removal of key functions and bypassing the review process adds to the controversy. The legal hearing today could have big implications for the WordPress ecosystem.

      Reply
  • Author
    Posts

View in Forum

  • The topic ‘WordPress.org Releases New ‘Secure Custom Fields’ Plugin With ACF Pro Features’ is closed to new replies.

You may also like

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Get updates from WP Tavern

Subscribe now to receive email updates directly in your inbox.

Continue reading