The WordPress mess
WordPress is the world's most popular open‑source blogging and content‑management platform. In its 20‑plus years of existence, WordPress has been something of a poster child for open source, similar to Linux and Firefox. It introduced the concept of open source to millions of bloggers, small‑business owners, and others who have deployed WordPress to support their web‑publishing needs. Unfortunately, it is now in the spotlight due to an increasingly ugly dispute between two companies, Automattic and WP Engine, that has spilled over into the WordPress community.
Background
WordPress is a PHP‑based, GPLv2-licensed, content‑management system (CMS). It was forked from b2 by Matt Mullenweg and Mike Little in 2003, after b2's development stalled. As blogging became mainstream, WordPress was the tool of choice for many aspiring bloggers due to its ease of use and the fact that it was free as in beer and speech.
In 2005, Mullenweg founded Automattic, which started out offering WordPress hosting via WordPress.com and comment-spam protection via the Akismet service. Its portfolio of services and holdings (including the Tumblr micro‑blogging platform) has grown substantially since then; it includes the WooCommerce online-store platform, Gravatar web-profile service, Newspack news-publishing platform, and others. WordPress hosting, however, remains at the core of its business.
Foundation and trademark
Automattic's press page lists 11 investors in the company and describes it as a "later‑stage growth phase" company. In 2010, Mullenweg started the non‑profit WordPress Foundation to manage WordPress development and hold the WordPress trademarks. The open‑source project is often referred to as WordPress.org to distinguish it from Automattic's WordPress.com hosting business. When the marks were transferred, Mullenweg wrote that "the most central piece of WordPress's identity, its name, is now fully independent from any company".
The reality is that the name is still under the control of Automattic, and thus still under Mullenweg's control. The WordPress Foundation trademark policy says that any commercial use of the WordPress trademark is controlled by Automattic, which has an exclusive license. The foundation only controls non-commercial uses, and the only active member of the foundation's board seems to be Mullenweg. According to the most recent tax filing by the foundation, there were only three board members in 2022: Mullenweg, Mark Ghosh, and Chele Chiavacci Farley.
One might assume that the foundation is involved in running WordPress.org, but it is not. Donations to the foundation primarily support events and education about WordPress. Its financials for 2023 detail expenditures for events and publishing videos on WordPress.tv. Individuals and organizations that want to support the WordPress project itself are encouraged to contribute resources to "Five for the Future". This program was introduced in 2014 by Mullenweg for others in the WordPress ecosystem to help "grow the WordPress pie".
The dispute
The other major player in this drama is WP Engine. That company was founded in 2010 by Jason Cohen and Cullen Wilson, who described themselves as "power users" who wanted to provide hosting by WordPress experts. The company now bills its offerings as the "most trusted WordPress platform". Like Automattic, WP Engine's business is based on hosting and supporting WordPress. In 2018, WP Engine took funding from private-equity firm Silver Lake. The upshot is that both companies compete for the same customers, have substantially similar offerings, and have investors to please.
On September 20, at WordCamp US 2024, Mullenweg used his talk to air some grievances against WP Engine and Silver Lake. He followed up the next day with a blog post titled "WP Engine is not WordPress" that criticized WP Engine's lack of contributions to WordPress, and its disabling of WordPress's revisions feature that saves each saved draft or published version of a post or page. A standard WordPress installation will have no limit on the number of revisions stored, or how long the revisions will be stored. Users can compare revisions to see what has changed, and restore an older revision if desired. WP Engine turns this feature off by default, though users can contact support to turn on as many as five revisions that will be stored up to 60 days.
Mullenweg described the feature as being a core piece of the promise to protect user data, and claimed that WP Engine wanted to turn off revisions to avoid paying for storage. "They are strip-mining the WordPress ecosystem, giving our users a crappier experience so they can make more money."
Mullenweg claimed that the companies enjoyed similar revenue, but complained that WP Engine's contributions to the WordPress project averaged 40 hours per week compared to Automattic's nearly 4,000 hours per week. He had choice words for WP Engine, calling it a "cancer to WordPress" and encouraged customers to "consider literally any other WordPress host". He argued that because of WP Engine's modifications, customers were not getting WordPress. "And they're profiting off of the confusion. WP Engine needs a trademark license to continue their business."
The foundation's policy page used to say that the WP abbreviation "is not covered by the WordPress trademarks and you are free to use it in any way you see fit". It has been recently updated, sometime after September 19, to say that the abbreviation is not covered, "but please don't use it in a way that confuses people":
For example, many people think WP Engine is "WordPress Engine" and officially associated with WordPress, which it's not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress.
Mullenweg's blog post focuses heavily on making the point that WP Engine's offering is "not WordPress" because it turns off revisions—but the trademark policy is silent on what modifications are or are not permitted to describe something as WordPress. It should be noted at this point that WordPress.com does not offer unadulterated WordPress to all of its customers either. Another core feature of WordPress, the ability to install third‑party plugins and themes, is restricted to customers who pay for the Business tier of hosting or above (about $300 a year).
Stop it
On September 23, WP Engine sent a cease-and-desist letter to Automattic, which it also made public. In the letter, the company claimed that Mullenweg had "suddenly began demanding that WP Engine pay Automattic large sums of money", or he would "go 'nuclear' on WP Engine" during the keynote at WordCamp on September 20. The letter includes what are alleged to be text messages from Mullenweg that describe the way he will attack WP Engine and Silver Lake during the keynote, unless the company was willing to negotiate a payment of a percentage of its revenues for use of the trademark.
Automattic also sent (and published) its own cease-and-desist letter the same day, that demanded WP Engine stop using an assortment of trademarks, including WordPress. It demanded an accounting of profits from use of service offerings that were marketed under the trademarks, and compensation for unauthorized use. As examples of infringement it specifically called out "many references to WP Engine being 'WordPress Engine'". The letter was also accompanied by pages of examples highlighting instances of the phrase "WordPress Engine" as well as social-media posts where apparently confused users ask questions about WordPress Engine.
Automattic's cease-and-desist put a tentative figure on what the company was seeking from WP Engine: a "mere 8% royalty" on WP Engine's estimated $400 million in annual revenue, or more than $32 million per year in "lost revenue". It left open the potential for amicably resolving the matter "including through a licensing relationship for use of its trademarks".
In a post about the dispute on his personal blog, Mullenweg said that Automattic had been trying to make a licensing deal with WP Engine for a long time, but had been strung along. It was not a money grab, he said, but an attempt to make WP Engine pay its fair share, and that the company had been offered the options of "either pay a direct licensing fee, or make in‑kind contributions to the open source project".
Escalation
Because Mullenweg posted the "WP Engine is not WordPress" post to WordPress.org's news page, it also showed up in the WordPress administrative dashboard in a "news and events" widget. That meant the message was immediately visible to WP Engine customers if they happened to have that widget enabled and were using the dashboard. WP Engine apparently removed the widget from its hosted customers' WordPress installs on September 24. On September 25, Mullenweg posted on WordPress.org announcing that WP Engine was "banned from WordPress.org", meaning that users on WP Engine could no longer use built‑in WordPress update features and more:
WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping‑o‑matic, and showcase. Their servers can no longer access our servers for free.
Why now?
The obvious question on many people's minds is "why now?", which was not really addressed in any of the public statements. Mullenweg discussed the timing in a live-streamed interview by Michael B. Paulson on September 26. Paulson asked "at what point did this become something that must be addressed, and in this way?" Mullenweg responded that other companies in the WordPress ecosystem contribute or pay for trademark agreements "even though they make way less revenue" than WP Engine:
They kept saying they were going to do something for years, and there's a lot of friendly people there [...] I guess I didn't realize how, like, capricious and evil private equity could be, so that is totally my fault and I apologize for that.
Paulson followed up and said that, "as an outsider" it was unclear why this happened now and not a year ago or another point in time. Mullenweg said that he had been "trying to connect" with WP Engine for years but the company had been unwilling to negotiate: "they were just like, nope, not anything, you know? Let's delay, delay, delay". Mullenweg said that WP Engine had "tried to make it look like I was extorting them last minute" but he had wanted to avoid the fight. "In fact, they could sign a trademark license today and this would all go away".
Another bone of contention that Mullenweg said he had failed to communicate to the community was over transactions made via Stripe with the WooCommerce plugin. Mullenweg said that WP Engine had "hacked" the plugin to change the attribution code so that "tens of millions of dollars" in fees go to WP Engine rather than Automattic. Note that the plugin is licensed under the GPLv3, and the information page makes no mention of any referral codes or expectations that the referral codes should remain unchanged. The privacy policy that is linked from the WooCommerce information page mentions several reasons that information is collected, but none of them address affiliate fees or attribution codes that generate revenue for Automattic.
Reactions
The ban of WP Engine from using WordPress.org services has sent WordPress users and developers scrambling. Cullen Whitmore, a WordPress contributor and owner of an agency that provides WordPress services, wrote an open letter that made an appeal to Mullenweg to remove the ban on WP Engine and provide a timeline to reach a deal. The only brand confusion, he said, is for new users confused about where to get started with WordPress, WordPress.com or WordPress.org. He also defended WP Engine's contributions, saying that it contributes back "through other methods", such as supporting users and developers in adopting and implementing WordPress features.
He found the ban troubling, but he said "my biggest concern was raised by your response to a user in the Make WordPress Slack". (The conversation is here but requires creating or having a WordPress.org account and then signing up for the Slack channel.) A user asked what they should tell their customers who need updates. Mullenweg told the user to contact WP Engine and "be mad at the person you're paying". He added that WP Engine "can fork WordPress, too, and publish their own version. I'd love that". Mullenweg, Whitmore said, should "rethink your position on speaking about those caught in the middle. You didn't sound like a leader here".
User "FeralRobots" on mastodon.social said that, without an easy way to specify alternative repositories for WordPress, "Matt Mullenweg is basically a living supply chain vulnerability in the WordPress ecosystem".
Part of Automattic's urgency in trying to force WP Engine to the table may be the increasing commoditization of WordPress hosting as a business. Eric Mann, a "power user" of WordPress who used to work with it professionally, wrote that all of the companies exhibiting at WordCamp US were "commodity plays". Every one, he said, claims to be the fastest or most innovative, but "I can't tell you what makes them different other than the color of the socks they were giving away as swag". He later wrote that Mullenweg had raised "valid concerns" around "WP Engine's failure to contribute back to the open source community". Mann also blamed WP Engine for failing to have protections in place "for an unexpected outage of WordPress.org API services".
The value of infrastructure
Brian Coords, who is a technology director at a WordPress development agency, wrote on September 27 that "Matt's intentions in waging a battle of FOSS vs PE [private equity] are good, but to be clear: I don't agree with his tactics." (Emphasis his.) He said he never expected Mullenweg to "compromise individual WordPress installations and act in such a user-hostile way" but that what made WordPress successful was more than the code, it was "the seamless distribution of core, theme, and plugin updates that are hosted and deployed by WordPress.org". If users still had to manually upload PHP files and SFTP into servers, as they had to do in the early days, the project wouldn't be nearly as successful. That distribution network, he said, is subsidized by Automattic and is "Matt's to do what he pleases with it":
If you've been relying on one-click core updates and the plugin directory to manage the distribution of open source plugins to/from websites (which of course we all have), then you have been playing in Matt's sandbox. This sandbox is not "open source WordPress" or the WordPress Foundation. It is WordPress.org, which is a wonderful thing that Matt Mullenweg owns and has stewarded for the last two decades. But it is not "ours".
Paolo Belcastro, an Automattic employee who has been with the company since 2011, wrote that the costs of maintaining WordPress.org and its infrastructure are "tens of millions of dollars every year", which is sponsored by Mullenweg personally and Automattic. He notes that WP Engine actually charges customers for the automatic updates ($3 per month) that are provided free to others via WordPress.org.
A brief reprieve
On September 27, Mullenweg announced a reprieve for WP Engine until October 1 to allow the company to "spin up their mirrors of all of WordPress.org's resources that they were using for free while not paying". He blamed WP Engine and Silver Lake for the impact on customers:
I've heard from WP Engine customers that they are frustrated that WP Engine hasn't been able to make updates, plugin directory, theme directory, and Openverse work on their sites. It saddens me that they've been negatively impacted by Silver Lake's commercial decisions.
WP Engine was well aware that we could remove access when they chose to ignore our efforts to resolve our differences and enter into a commercial licensing agreement. [...] You could assume that WPE has a workaround ready, or they were simply reckless in supporting their customers. Silver Lake and WP Engine put their customers at risk, not me.
Calls for change
Joost de Valk wrote that he would like to see "big WordPress companies" contribute, but there was a need for transparency and community-based governance. He had founded Yoast, a company that provides search-engine optimization (SEO) tools and plugins for WordPress (as well as other platforms). He wrote that if there are requirements to contribute, "we can call that taxation", and that should come with representation:
In my opinion, we all should get a say in how we spend those contributions. I understand that core contributors are very important, but so are the organizers of our (flagship) events, the leadership of hosting companies, etc. We need to find a way to have a group of people who represent the community and the contributing corporations.
Just like in a democracy. Because, after all, isn't WordPress all about democratizing?
Josh Collinsworth, a front-end developer who has worked at WP Engine in the past, called for Mullenweg to be removed. He said that Mullenweg "has, for far too long, enjoyed unchecked powers at the top of WordPress" and that those powers were "all too often a direct and flagrant conflict of interest". Collinsworth said that he was not defending his former employer, and he would happily discuss "how much WP Engine sucks" but that "the ability to block an entire hosting provider from accessing the plugins repository is a power that nobody should have":
I don't care about Automattic giving 5% to WordPress anymore. I want it to give up Matt's unchecked, unilateral power. Because it's clearer than ever he can't be trusted with it.
Uncertainty continues
The tit‑for‑tat between Automattic and WP Engine may continue for some time, but the impact of the conflict has already sent tremors throughout the WordPress community. Users on Mastodon, Twitter, and other social-media sites are voicing complaints with the way that Mullenweg has handled the situation and the uncertainty it has caused. It seems likely that "are we next?" is a popular topic of conversation in the hallways (or Slack channels...) at other companies providing WordPress hosting and services.
No matter how long the two companies have been negotiating behind the scenes, this incident came as a surprise to far too many WordPress users caught in the middle. And, if one takes a moment to think about Mullenweg's argument that "WP Engine isn't WordPress" for lack of the revisions feature, it's unclear how paying Automattic a licensing fee for use of the name is going to make anything better for anyone but Automattic. Presumably, if WP Engine forks over a big enough pile of cash, Automattic is willing to let the company continue to skimp on revisions, and contributions.
It is apparent that the foundation is simply a fig leaf to allow Automattic continued control of the WordPress marks, while giving the appearance of independence. There is no benefit to the WordPress community to have a non-profit holding the marks if the entity simply boomerangs the exclusive rights back to the for‑profit that turned them over in the first place.
As Coords wrote, the infrastructure around WordPress.org is wholly controlled by Mullenweg and funded by Automattic. That is a burden that shouldn't be carried by one person or company, and it gives too much power over the larger community. A week ago that argument was a hypothetical, but Mullenweg has demonstrated willingness to wield that power unilaterally, without warning, and with no checks or balances aside from public outcry. The arrangement that places Automattic as the sole benefactor providing hosting and other services for WordPress.org, and Mullenweg as the sole decider about its policies, is a weak point for the larger community and ecosystem around WordPress.
The WordPress mission is to "democratize publishing". The project has enabled millions of users and organizations to easily publish content to the web. I include myself as one of them, since I've been using WordPress (off and on) for almost its entire history. The project itself, unfortunately, seems to be leaning toward the autocratic. One can find WP Engine's lack of contributions to be problematic while still being concerned that Mullenweg has too much power over a project—and its infrastructure—that powers a significant portion of the world's web sites.
Posted Sep 30, 2024 17:40 UTC (Mon)
by fishface60 (subscriber, #88700)
Posted Sep 30, 2024 18:02 UTC (Mon)
by mdolan (subscriber, #104340)
Posted Sep 30, 2024 18:40 UTC (Mon)
by post-factum (subscriber, #53836)
Posted Sep 30, 2024 19:33 UTC (Mon)
by pwfxq (subscriber, #84695)
Thank you.
Posted Sep 30, 2024 21:54 UTC (Mon)
by hailfinger (subscriber, #76962)
That's really stupid from a supply chain perspective and really questionable from an ethical perspective.
If I have a business, but no contracts with my supply chain, my supply chain can disappear or turn hostile any second. The complaints by various hosting providers/resellers read like "Mommy, Annie is not letting me play with her toys anymore!". Note how absent the "but we contribute equally" argument is.
Posted Oct 1, 2024 1:35 UTC (Tue)
by Kalenx (subscriber, #120295)
Sure, I guess there is no legal obligation for the PSF to provide services to Microsoft clients (or anyone, for that matter) but it would still be a highly dubious move, highly detrimental for the Python community.
Posted Oct 1, 2024 10:39 UTC (Tue)
by aragilar (subscriber, #122569)
It's not clear to what extent WP Engine's use of Wordpress.org infra could be called excessive (if at all), but presumably they could have had a cache in front of the services (which would seem to be a wise thing to do anyway) or contribute to running the services if using a cache is not possible due to how wordpress is designed?
Posted Oct 2, 2024 9:40 UTC (Wed)
by khim (subscriber, #9252)
IOW: something that's a perfectly reasonable and legal thing to do. Free software does come with source but it doesn't come with a free support license, one has to always remember that. This would depend entirely on the situation around Azure, PyPI, etc. If it were found that Azure users actually overload PyPI service and Microsoft does nothing to compensate that and this affects non-Azure users… then it would have been the right thing to do.
Posted Oct 2, 2024 17:12 UTC (Wed)
by Kalenx (subscriber, #120295)
No one is obliged to keep up a Python package index. The Python Software Foundation does it because, presumably, it helps them fulfill their own stated mission: "We are devoted to creating the conditions for Python and the Python community to grow and thrive."
If they start cutting off random people, including end users who did nothing wrong (other than choosing the "wrong" cloud provider), they are not, IMHO, "creating the conditions for the Python community to grow and thrive".
> If it were found that Azure users actually overload PyPI service and Microsoft does nothing to compensate that and this affects non-Azure users… then it would have been the right thing to do.
That would be the nuclear thing to do; not sure it makes it "right". Just as an example, throttling could also be an option. But anyway, we are going off topic, since this is clearly _not_ what happened in the Wordpress/WP engine case. This "resource usage" was not mentioned until after the fact...
Posted Oct 2, 2024 18:31 UTC (Wed)
by edgewood (subscriber, #1123)
However, unlike in the hypothetical, WP Engine sent a cease and desist/preserve documents letter the day before the cutoff. I think that makes the cutoff more reasonable: if you're freeloading, maybe you should take some steps to stop relying on those free services before you go making legal threats.
Posted Oct 3, 2024 12:24 UTC (Thu)
by aragilar (subscriber, #122569)
Posted Oct 10, 2024 5:56 UTC (Thu)
by TRS-80 (guest, #1804)
https://kristoff.it/blog/python-training-wheels/
The whole post is about the cost of PyPI and worth reading.
Posted Oct 1, 2024 5:37 UTC (Tue)
by JanSoundhouse (subscriber, #112627)
Posted Oct 1, 2024 5:46 UTC (Tue)
by mb (subscriber, #50428)
Posted Oct 1, 2024 15:05 UTC (Tue)
by notriddle (subscriber, #130608)
Posted Oct 1, 2024 17:02 UTC (Tue)
by hkario (subscriber, #94864)
Posted Oct 1, 2024 11:53 UTC (Tue)
by pizza (subscriber, #46)
But that costs actual money to provide, and doing so is apparently antithetical to their business model of externalizing costs to maximize profits.
Posted Oct 3, 2024 9:07 UTC (Thu)
by LtWorf (subscriber, #124958)
You of course redownload all your dependencies every single time that you run your CI!
Posted Oct 3, 2024 12:32 UTC (Thu)
by aragilar (subscriber, #122569)
Currently, for hosted CI, you would need to spin up your own cache servers, which given the value of hosted CI is to not need to run servers, would seem to be a much larger ask of individual developers.
Posted Oct 3, 2024 16:11 UTC (Thu)
by dskoll (subscriber, #1630)
Yes. I've blocked downloads of some of my software from various places that re-download the same thing every single time they do a build. There's no excuse for that sort of abuse.
Posted Oct 3, 2024 16:52 UTC (Thu)
by Wol (subscriber, #4433)
Running gentoo, I'm conscious that seems to download everything every time, but it also doesn't download unless something has changed (be it ebuild, use flags, whatever).
I would think it *should* do a shallow git clone, and keep that lying around unless the user explicitly clears it (it leaves enough stuff lying around, why not that), so even if use flags and stuff has changed, it would have no need to get the source afresh unless there really is an upgrade.
But not knowing python, or the guts of portage, I have no way of knowing if that's actually the case ...
Cheers,
Posted Oct 3, 2024 16:59 UTC (Thu)
by pizza (subscriber, #46)
There's another aspect to that -- caching is important, but another thing the CI needs to test for is that the original resource is still available.
...I've had plenty of CI runs that _falsely_ succeeded because they used a cached copy of a no-longer-available resource, leading to unexpected failures when (eg) doing a production build or spinning up a new developer environment.
Posted Oct 3, 2024 21:36 UTC (Thu)
by LtWorf (subscriber, #124958)
And what if it isn't?
Debian is full of packages whose original websites are gone. Every once in a while someone uses the last .tar.gz from debian to make a fork.
Posted Oct 3, 2024 21:50 UTC (Thu)
by SLi (subscriber, #53131)
Posted Oct 3, 2024 21:55 UTC (Thu)
by pizza (subscriber, #46)
For a single organization? Probably not. But if it's 50000+ different orgs each checking once a day?
> And what if it isn't?
Then you have to determine why, and adjust your system's data source accordingly.
(Note "original file" can easily point at a private/internal mirror or some sort of SW BoM artifact storage. Granted, some ecosystems make this sort of thing ...challenging to set up and transparently utilize)
Posted Oct 4, 2024 8:22 UTC (Fri)
by LtWorf (subscriber, #124958)
Posted Oct 3, 2024 19:46 UTC (Thu)
by dskoll (subscriber, #1630)
It's pretty easy. In my case, the build code was downloading a tarball over HTTPS, so it could easily have used the If-Modified-Since: header.
However, I suspect the build was done on a virtual machine that was spun up from scratch anew each time, so there was no existing tarball for it to check the timestamp against.
Posted Oct 3, 2024 21:39 UTC (Thu)
by LtWorf (subscriber, #124958)
Posted Oct 3, 2024 18:19 UTC (Thu)
by raven667 (subscriber, #5198)
Posted Oct 4, 2024 0:53 UTC (Fri)
by yeltsin (guest, #171611)
Posted Oct 4, 2024 21:40 UTC (Fri)
by kleptog (subscriber, #1183)
So even if GitLab or Azure DevOps wanted to provide caching for npm or PyPi, they couldn't do it in a way that's transparent. And if they provide a non-transparent mechanism, it makes it a potential MITM.
Ideally there'd be an extension to HTTPS to allow clients to opt into caching, while still preserving the authentication properties of HTTPS, but I think the ship has sailed on that one.
Posted Oct 5, 2024 1:08 UTC (Sat)
by dskoll (subscriber, #1630)
Apt doesn't require https. In fact, all of my sources.list entries are http. If your packages are signed and you verify the signature, https doesn't buy you anything. If a package is validly-signed, then it doesn't really matter where you downloaded it from.
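The integrity argument in the comment above, worked through as an added example (not code from the article, the commenters or any project named here): a fetcher that accepts an artifact from a cache, proxy or mirror only if it matches a digest pinned in advance. A pinned SHA-256 stands in for apt's signature check, and the source names, `fetch_pinned` and the sample payloads are constructed for illustration.

```python
"""Integrity from a pinned digest: every source, the cache included, is untrusted."""
import hashlib
from dataclasses import dataclass, field

# Constructed sample artifact. In practice the pin comes from a lock file or
# signed index that is obtained and reviewed separately from the download.
ARTIFACT = b"constructed plugin archive, version 1.2.3\n"
PIN = hashlib.sha256(ARTIFACT).hexdigest()


class SourceUnavailable(Exception):
    """A source could not serve the artifact (outage, block, 404)."""


@dataclass
class FetchResult:
    data: bytes
    served_by: str
    rejected: list = field(default_factory=list)  # (source, reason) pairs


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch_pinned(name, pinned_sha256, sources, cache=None):
    """Return the first copy of `name` whose SHA-256 equals the pin.

    sources: ordered list of (label, callable(name) -> bytes)
    cache:   optional dict used as a local store, keyed by digest
    """
    rejected = []
    if cache is not None and pinned_sha256 in cache:
        data = cache[pinned_sha256]
        # Re-verify on every read: a cache entry can be corrupted or replaced.
        if sha256_hex(data) == pinned_sha256:
            return FetchResult(data, "cache", rejected)
        rejected.append(("cache", "digest mismatch"))
        del cache[pinned_sha256]
    for label, fetch in sources:
        try:
            data = fetch(name)
        except SourceUnavailable as exc:
            rejected.append((label, f"unavailable: {exc}"))
            continue
        if sha256_hex(data) != pinned_sha256:
            rejected.append((label, "digest mismatch"))
            continue
        if cache is not None:
            cache[pinned_sha256] = data
        return FetchResult(data, label, rejected)
    raise RuntimeError(f"no source served a valid copy of {name}: {rejected}")


# Constructed sources: an upstream that refuses service, an intermediary that
# alters the payload, and a mirror that serves the original bytes.
def banned_upstream(name):
    raise SourceUnavailable("403 from upstream")


def tampering_proxy(name):
    return ARTIFACT + b"modified in transit"


def honest_mirror(name):
    return ARTIFACT


def demo():
    cache = {}
    sources = [
        ("upstream", banned_upstream),
        ("caching-proxy", tampering_proxy),
        ("mirror", honest_mirror),
    ]
    first = fetch_pinned("plugin.zip", PIN, sources, cache)
    second = fetch_pinned("plugin.zip", PIN, sources, cache)
    return first, second


if __name__ == "__main__":
    for result in demo():
        print(result.served_by, result.rejected)
```

The digest check covers integrity only; it does not hide from an observer which artifact is being downloaded, and it is only as trustworthy as the channel that delivered the pin.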
Posted Oct 5, 2024 2:11 UTC (Sat)
by intelfx (subscriber, #130118)
That's not strictly true. At the very least, transport-layer encryption buys you confidentiality.
Posted Oct 5, 2024 7:20 UTC (Sat)
by LtWorf (subscriber, #124958)
Posted Oct 5, 2024 14:16 UTC (Sat)
by dskoll (subscriber, #1630)
I don't think confidentiality is an issue for CI/CD pipelines, especially for open-source products where anyone can just look at what exactly the CI/CD pipeline is doing.
Posted Oct 7, 2024 10:56 UTC (Mon)
by james (subscriber, #1325)
Posted Oct 1, 2024 20:31 UTC (Tue)
by raven667 (subscriber, #5198)
Posted Oct 4, 2024 1:00 UTC (Fri)
by yeltsin (guest, #171611)
I know very little about the US legal process, but this seems important enough to maybe update the article, or even post a separate news entry?
Posted Nov 2, 2024 10:22 UTC (Sat)
by jospoortvliet (guest, #33164)
Sadly this is the 'business model' of a lot of companies, leeching off of open source projects. Not sure what to do about it, we as community have to find some solution that doesn't mean going closed source or doing stupid shit like Automattic - tricky.
Posted Nov 2, 2024 15:16 UTC (Sat)
by Wol (subscriber, #4433)
Except this is (allegedly) Microsoft versus Lotus / WordPerfect / NetScape etc all over again.
Lying or misleading your co-opetition is a serious market offense - called "monopolisation", and from what I can tell, this fits it to a T. The resulting damage to the public is serious, and even 30 - 40 years after the event I would say computing is still not recovered from the damage MS did. Do you really want to see the same long-lasting damage in the Wordpress arena?
The WP Engine claim is basically that Automattic told the markets one thing, and then failed to deliver, enticing their competition to rely on promises that meant nothing. In other words, blatant AntiTrust.
Whether a prosecutor wants to take those claims up, we'll have to see. Whether those claims will hold water, I don't know. But they are clear claims of AntiTrust, and Market Manipulation. Which are clear threats to the public.
Cheers,
Mullenweg is a problem
If I were forced to pick a side this would make it easy.
Very nice recap
No mirrors?
> Well, personally, I consider this action equivalent to the Python Software Foundation abruptly locking out Azure users from Pypi, stating a vague "Microsoft does not contribute enough to Python" to claim the moral high ground.
Reasonable? No sure I agree (IOW: I strongly disagree)
Risk management anyone?
We have 2024! We now only put stuff on somebody else's magic machines and call it "cloud".
It's much betterer, because somebody else does the work!
Wol
sources.list
entries are http.
Actually, Squid can "bump" or non-transparently MITM HTTPS traffic (and therefore cache it). In a CI environment, this might be a reasonable thing to do, if you consider Squid to be part of the same security domain as the CI environment.
Criminal?
Wol