The WordPress ecosystem is facing challenging times as a bitter dispute between the co-founder of the website building software, Matt Mullenweg, is engaged in a legal fight with WP Engine – a hosting service provider – that is threatening to reshape one of the internet’s most important web development platforms.

The conflict started in mid-September 2024 when Mullenweg, who is also the CEO of WordPress’s parent company Automattic, published a blog post that categorized WP Engine as a “cancer to WordPress.”

He emphasized that WP Engine’s decision to disable users’ ability to track their post revision history by default was against the platform’s core promise of keep their data protected.

Mullenweg voiced his concerns about how WP Engine has used the WordPress brand and has confused users by making them think there is a relationship between the two companies.

He threatened to take a “scorched earth nuclear approach” to deal with the web hosting service unless it pays a significant percentage of its revenues to the WordPress Foundation for licensing its trademark.

The two companies exchanged several cease-and-desist letters as a result of the rift as Automattic alleged that WP Engine took unfair advantage of its trademark and violated intellectual property laws with its use of the WordPress and WooCommerce brands.

WordPress Foundation Blocked Access to Resources for WP Engine

The impasse reached a critical juncture when Mullenweg opted to block WP Engine’s access to WordPress.org resources – a decision that impacted the ability of WP Engine’s hosted website to update plugins, themes, and other similar features. It also exposed them to security vulnerabilities.

WP Engine responded by deeming the action “unprecedented and unwarranted”, arguing that it impacted not just their company but all WordPress plugin developers and open-source users who depend on WP Engine tools.

WordPress gave WP Engine a deadline that ended on October 1 to make changes to its name and service and detach itself from the brand. They also made changes to their Trademark Policy page and added the following clause:

“The abbreviation ‘WP’ is not covered by the WordPress trademarks, but please don’t use it in a way that confuses people. For example, many people think WP Engine is ‘WordPress Engine’ and officially associated with WordPress, which it’s not. They have never once even donated to the WordPress Foundation, despite making billions of revenue on top of WordPress.”

After facing mounting pressure from users, WP Engine implemented several changes, including an update to their website footer that explicitly clarified their lack of affiliation with the WordPress platform and renaming their service plans to remove “WordPress” references.

The company also developed its own solution for updating plugins and themes to maintain service continuity for its customers.

WP Engine Sues and Claims Abuse of Power

On October 3, WP Engine elevated the conflict to the courts and filed a lawsuit in California against Automattic and Mullenweg. The complaint alleged abuse of power in controlling WordPress resources and failure to maintain promises about running WordPress open-source projects without constraints.

The conflict triggered significant internal dissent at Automattic that resulted in a total of 159 employees accepting severance packages while approximately 80% of these departing employees came from the Ecosystem/WordPress division.

Also read: 9 Reasons WordPress is Perfect for Small Businesses

The situation further escalated when WordPress.org took control of the Advanced Custom Fields (ACF) plugin from WP Engine on October 12, preventing the company from updating the open-source plugin repository. This move was particularly significant given ACF’s crucial role in WordPress development.

Automattic’s legal representative quickly voiced his comments regarding the lawsuit and stated: “The whole thing is meritless, and we look forward to the federal court’s consideration of their lawsuit.”

However, there was clear dissent among the leadership team about how the situation has been approached and dealt with as the company’s executive director, Josepha Haden Chomphosy, was among the group that left the company.

She was quickly replaced by Mary Hubbard, the former leader of TikTok’s US governance and experience department.

Mullenweg Takes Control of Critical WP Engine Plugin

The WordPress community’s reaction has been marked by concern over the precedent this conflict sets for other projects using WordPress trademarks and the impact that it has on the open-source protocol.

Notable figures in the tech community have weighed in including the founder of Ghost CMS, John O’Nolan, who criticized how power has been consolidated to a point that is dangerous to the internet as we know it. He argues that 40% of the web and 80% of the CMS market should not be controlled by one individual and it isn’t hard to see why.

The situation escalated last week when WordPress unilaterally took control over a critical WP Engine plugin known as Advanced Custom Fields (ACF) as the Foundation’s team allegedly identified a security issue.

Mullenweg defended the decision and justified it by claiming that they needed to remove “commercial upsells and fix a security problem.” They replaced the plugin with a new one called “Secure Custom Fields” (SCF).

Ruby on Rails Creator Asks Mullenweg to Reconsider His Approach

The creator of, Ruby on Rails, David Heinemeier Hansson, argued that this action constituted a violation of Automattic’s open-source principles.

He claimed that the WordPress Foundation should act much as a “Little Switzerland” when it comes to their open-source platform and must not “weaponize” code registries as this sets a dangerous precedent that could threaten the entire ecosystem and scare off developers.

“Don’t turn into a mad king. I hold your work on WordPress and beyond in the highest esteem. And I recognize the temptation of gratitude grievances, arising from beneficiaries getting more from our work than they return in contributions. But that must remain a moral critique, not a commercial crusade,” he said with respect to Mullenweg’s decisions.

Meanwhile, the WordPress security consultant Tim Nash questioned the motives behind this decision by stating: “Secure Custom Fields is no more secure than ACF. The security patch to fix a vulnerability found by Automattic last week was already applied by the WP Engine team prior to this incident, shared with the WordPress Security Team who had ALREADY patched ACF on wordpress.org.”

The WordPress Foundation’s pending trademark applications for “Managed WordPress” and “Hosted WordPress” have further fueled concerns about the future of commercial operations within the WordPress ecosystem.

The WordPress Ecosystem May Never Be the Same After This

This conflict has raised questions about how commercial interests and open-source principles coexist and how power dynamics can significantly influence the governance of these types of projects.

As of October 2024, the situation remains volatile with ongoing legal proceedings between WP Engine and Automattic and uncertainty regarding the use of the WordPress and WooCommerce trademarks and plugin controls.

The dispute has prompted multiple businesses and developers to reassess their dependence on both WordPress and commercial hosting providers and could reshape the future of web development.

This situation represents more than just a conflict between two companies. It highlights the complex relationships between open-source projects, commercial entities, and the communities they serve.