The nice thing is it's GPL, so the founder/owner can't just take his ball and go home. It's also widely-used/important enough that it will get forked if leadership problems start to make it unusable for too many people.
The problem though, for people who want to use WordPress, is that WP sites fundamentally rely on wordpress.org for downloading and installing plugins and themes, and critically for security updates to plugins and themes. (You can install/update manually, but the standard admin dashbord is set up to make wordpress.org integration by far the best way to do so.)
Yeah, you've got your GPL copy of all the source code. But next week's discovery of vulnerabilities in whatever random plugin gets to be this weeks news means you need to download/install the updated version. Which canonically is found at wordpress.org. We host a couple of dozen sites on WPEngine (and have done for about a decade, very happily with the price, features, and service). Our internal business continuity planning is now investigating ClassicPress, keeping an eye on comms from WPEngine to see what their path forward in terms of keeping WP sites updated without wordpress.org access, and questioning whether it's time to stop using WordPress at all. We already have a few sites that use WP as the admin/publishing tool, and generate the site as static html for hosting via S3/CloudFront - we may make that our standard deployment bit if we had to move all our WP sites off WPE, we may as well investigate other newer tools.
We are certainly having conversations right now with potential new clients warning them of the drama in the WordPress ownership/ecosystem, and advising considering alternative options or at least waiting until the dust settles on Matt's current ill advised crusade.
Having a backup to restore from is not really the major concern versus mitigating being hacked in the first place, having your database stolen, and needing to report that, whilst surviving the reputational damage and penalty fees that likely brings.
A restorable backup isn't really a priority versus the above.
The update issue doesn’t sound like a big deal. What’s stopping WP Engine from setting up their own mirror system?
CentOS did this to Redhat for decades. They literally stripped out the trademarks and distributed the OS to anyone with no contracts at all. Patches were available same day that RH published them, and were applied from CentOS update servers.
The endgame for WP seems to be that they give up this fight or close their source and act like a real licensed software company. You can’t play GPL until it no longer suits you, then start making insane demands about revenue sharing and all this nonsense.
The risk I need to address is what's stopping Matt denying WPE access to that place where all the plugins and themes are published? Where does plugin-updates.wpengine.com get its content from, and how soon is Matt gonna block that? And an arms race of WPE needing to use proxies or other workarounds is not a business grade answer.
As I see things, either
1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power,
2) WPE wins the court case and a judge tells Matt "Nope, you're wrong about trademark law and you're wrong about the GPL and you are going to be held to the claims you made in the past about WordPress the software and WordPress the foundation and wordpress.org the software distribution and update service."
or
3) We are witnessing the start of the end of WordPress being trusted to run almost half of the internet.
> 1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power
The issue with this is that it absolutely will require a fork:
The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.
The WordPress Foundation (i.e. Matt) granted Automattic (i.e. Matt) an "exclusive, perpetual and irrevocable" license to Automattic re use of WordPress identity.
Wordpress.org is the exclusive property of Matt (although he has long played fast and loose here - just yesterday he was caught editing Automattic blog posts from referring erroneously to WP.org as a non-profit charity to 'a website that performs a community service').
>The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.
The thing is, once you organize a foundation as a non-profit with the government, you lose some of your ability to make decisions that are contrary to whatever charter and goals and such you specified when it was created. Matt may have screwed himself over by putting the stuff he wants to profit off of into ownership of the non-profit.
> The issue with this is that it absolutely will require a fork
Perhaps?
There is a significant group of people Automattic relies on to make the WordPress project and community a thing. While Matt probably can afford to pay enough devs to maintain WP core, I doubt he's wanting to pay to do all the maintenance for all the OSS/GPL plugins and themes on wordpress.org that are a big part of what makes WP attractive over other free and OSS CMS/blog alternatives.
Those people could probably mount a campaign that'd threaten Automattic's financial bottom line, which since Matt's extortion show that for him this is all about money that someone else has that he wants, perhaps that'd be "enough"?
As a customer and user of WPEngine, what role do you see wordpress in that relationship? Generally when I buy things I try to take some consideration of the sub-contractors and suppliers to the supplier of service, but I am aware that I do not have a direct relationship with them.
I doubt the courts will demand that WordPress foundation must provide servers and bandwidth indefinite and free of charge to anyone, especially when there is no contract between WPEngine and WordPress foundation. When Youtube removed API functionality and under a night destroyed companies that relied on those free API's, courts did not demand that Youtube went back. It is inherently risky for companies to depend on someone else servers and network service being provided for free without any contract.
The more easy path forward would be for WPEngine to switch dependency. Debian has an reliable repository. Core wordpress is already packaged there, it get updates, and a handful of the most popular themes are also packaged. If that is not enough then WPEngine could spend employee hours to package more themes. No need for proxies or workarounds. I would estimate that 90% of the customers on WPEngine could continue to exist using just that.
"The point of the foundation is to ensure free access, in perpetuity, to the software projects we support" https://wordpressfoundation.org
That's not only on their website, it's also stated in their 501c3 filings with the IRS.
Another thing to note is that "wordpress.org" is hardcoded into several places in the source code, and Matt has outright refused to make it more directly configurable.
There are even more issues involved, so while your point is sound, the reality of the situation is pretty complicated.
The free software movement and FSF in particular has always been very clear that free in this context does not mean that projects can't sell CD's with software on it. It is also this interpretation that allow for paid support, which would otherwise also not be "free". It is possible that courts would make a different interpretation, or that free access to software will be interpreted as not free software, but instead about free access to a distribution channel, Which mean wordpress could go proprietary under that statement (free access to download would says nothing about freedom to run it). The distinction gets generally refereed as "free as in speech, not free as in beer".
Regarding Debian, I don't know if the Debian package has anything hardcoded to wordpress.org. The generally recommended update path is to use debian package manager rather than internal updating mechanics. Debian maintainers often patch thing or change defaults as part of the packaging in order to make software behave nicely with the debian eco-system.
> The more easy path forward would be for WPEngine to switch dependency. Debian has a reliable repository.
Yeah, but.
Do we trust Matt now to not required the Debian packagers to, as he says, "choose sides" before giving Debian access to the wordpress.org infrastructure to download updated WordPress core and plugins/themes? I can _easily_ see him escalating like that.
> As a customer and user of WPEngine, what role do you see wordpress in that relationship?
The same role as I always used to see WordPress (the project, including WordPress core and the entire 1st and 3rd party plug/theme community) has with other companies that have a WordPress installation capability like cPanel and Plesk, and with every other hosting company that makes is easier to deploy WordPress than starting from a bare Linux VM - like GoDaddy or Dreamhost or practically any SMB oriented web hosting vendor.
And I think Matt is being entirely disingenuous, probably to the point I'd be happy to accuse him of outright lying, when he says WPEngine don't contribute back to the WordPress community. WPE have listed out the support they provide to the community which is in the form of conference sponsorship and development of open of the important plugins (ACF). While they obviously _could_ do more, I think the blackmail tactic Matt's using to extort them into paying 8% of revenue (at many million dollars a year) not to "the WordPress Community", but into a company (Automatic) that's directly owned by Matt, and that is a direct competitor in the WordPress hosting space.
And the recent news the the WordPress Foundation has applied to trademark "Wordpress Hosting" and "Managed WordPress" is totally off the charts punching "the WordPress Community" in the face. In my experience, by far the most common WordPress user acquisition channel is people using $5/month GoDaddy or similar hosting with a one click WP install, and sooner or later outgrowing that level of over subscribed web hosting and moving on to more dedicated WordPress hosting either through a digital agency or consultant, or going directly to WPEngine (often on recommendation from people just like me).
If Matt gets _any_ traction in enforcing 8% revenue (or more, as he's threatened) from WPEngine for using the word "WordPress" on it's website, how quickly do you think the lawyers at low margin/low cost of entry vendors like GoDaddy will say "Just take down every single mention of WordPress _anywhere_ and stop offering it to customers."
As I said, absent some adult supervision over Matt's tantrums, I believe we are witnessing the start of the end of WordPress.
"if Matt" "do we trust Matt" "blah blah yeah but Matt"
So why isn't this thing forked yet? It seems like WP Engine has the resources and now the motivation to do it. Advertise as a 100% compatible drop in replacement. MariaDB did it.
It’s more that WP Engine is successful and hasn’t meaningfully contributed back to the Wordpress project.
Which I can sympathise with. But this isn’t what open source is about both legally and morally. And there are better ways to achieve this goal than by making a mockery of the Wordpress foundation and harming end users.
>The wordpress foundation has never been anything BUT a mockery. It doesnt do anything - it is a shell for Matt's trademark schemes and tax fraud
It does kinda seem that way as an outsider looking in. There definitely seems to be some legal shenanigans going on when he's using his for-profit company Automattic to complain about stuff happening to the non-profit Wordpress Foundation. They should be legally separate enough that what he's doing shouldn't be possible.
