Wordpress 2024

From DevSummit
Jump to navigation Jump to search

Wordpress Tea Time

People in attendance

  • People considering using WordPress
  • People considering leaving WordPress
  • WordPress developers with up to 15 years experience
  • People with WordPress core contributor experience
  • People with Drupal core contributor experience
  • People with CiviCRM core contributor experience
  • People who moved from Drupal to WordPress
  • People with Drupal platform experience

People attending are curious about:

  • The WordPress leadership model
  • how are decisions made?
  • status of community


Who are the players?

  • WordPress is Free Open Source software that runs 40% of top 10 million sites on the internet, 30% of internet overall. (It's a big deal!)
    • This software is under the GPL License, which basically means you can do anything you want with it, including redistribute it to other people as your own product.
    • There is huge number of add-ons (called plugins and themes) for Wordpress that are created by thousands of people and businesses, forming a healthy ecosystem.
  • Matt Mullenweg (Matt) is a BDFL (benevolent dictator for life) for WordPress.
    • "BDFL" is a common leadership model in Open Source projects, where the person who created the project retains complete control over the project.
    • Matt has a history of doing unsavory things (maybe not so benevolent)
  • Automattic is a company owned/run by Matt.
    • Automattic supports the WordPress software via core code contributions, design, leadership, administration, etc.
    • Direction of the WordPress project is controlled largely by Automattic.
    • Automattic is also responsible for doing most of the work to maintain the WordPress project.
    • Automattic has ~5% of employees (currently around 100 people) working full-time, directly on core contribution.
    • Automattic is focused on the editorial experience of WordPress. They want to be building an alternative to Squarespace / Wix. (benefiting everyone)
    • Automattic has also acquired a handful of successful WordPress "Plugins" (benefiting themselves) and -*for example -*the Woocommerce plugin is working on out-competing Shopify. (revenue for Automattic)
    • 2 people have been recently hired by Automattic to work specifically on "the project" (assumed to be WordPress) who have experience working on TikTok, and Apple appstore.
      • Is "the project" actually wordpress.org?
      • One theory is that wordpress.org may be moving to an app-store style model, where the plugins and themes may need to give 30% of profits to be listed on wordpress.org. (Possible revenue for Automattic)
  • WordPress.org is a website for the community. It's where themes and plugins for WordPress are maintained and distributed. It's the source of information on imporant security updates, and It's critically important for everyone who uses WordPress, and for the software project as a whole.
    • People had assumed it was owned/run by the non-profit WordPress foundation.
    • This foundation does NOT actually own or control WordPress.org.
    • Wordpress.org is in fact, owned/run soley by Matt (suprise!)
  • The WordPress foundation is a 501c3 non-profit organization.
    • What it does exactly is unclear.
    • The Foundation has a board, and the board has 3 peope, one of whom is Matt.
  • WordPress.com is a commercial hosting company, run by Automattic.
    • this is a revenue source for Auttomatic.
  • WP Engine (WPE) is a for-profit hosting company that has also acquired several very popular WordPress plugins (Advanced Custom Fields / ACF is the biggest).
    • 100% of WPE customers run WordPress *this is their only market
    • They were recently taken over by VC funding, and are in the middle of a shift towards higher profits and are not able to massively increase spending.
    • WPE is also not a great company. They have a history of treating customers badly, and quality of the hosting has been declining. speeds are slower, support is less knowledgeable, problems are more frequent.
    • WPE also recently acquired a bunch of companies with WordPress products, quality of these products declined after being tken over, support requests remain unopened. Things have been allowed to quietly die (upsetting people who use & still pay)

What happened?

  • At WordCamp US 2024, Matt Used his keynote talk to take down WP Engine, accusing them of not contributing enough back to WordPress.
    • He also asked all other companies to also contribute 5% back.
    • There is no requirement for any company to contribute anything at all to an Open Source project it is using. It would be the "right" thing to do, but that's it.
    • Before WordCamp, Matt had requested that WP Engine contribute 8% of their annual income back to the WordPress project.
      • This fee could be "paid" as cash for license to use the WordPress trademark
        • Note: "WP" was not previously restricted by the WordPress trademark -*this was changed after this specific incident. There are also hundreds of other orgs and projects using WP in the name!
      • This fee could also be "paid" in development hours spent on core contribution.
    • WPE had not responded, perhaps hoping to delay the decision.
    • Silver Lake Directory refused to speak with Matt directly (which may have angered him)
    • Matt messaged a group of higher-ups at WPE just before his keynote, sending them a photo of the stage, along with a threat to sign the agreement.
  • Some people think that Matt may have been working on a deal with WPE for about a year, and felt as though he was being mislead (which may have also been upsetting).
  • WPE was a premium sponsor of WordCamp US *the event where this attack happened.
  • After the conference:

1) Matt blocked all WPE IP Addresses from accessing wordpress.org. This includes all WPE customers, and all WPE employees.

    • This prevented WPE employees from maintaining plugins.
    • This prevented 100% of sites hosted by WP Engine from being able to get automatic updates, or info about security issues, creating a huge security risk.
    • This was such a big deal and there was so much push-back that the next day, Matt granted WPE a 3-day reprieve to "work something out"
    • I think something was worked out, because these IPs are not currently blocked.

2) Matt also changed the requirements for creating a new accounts on wordpress.org at this time: people needed to confirm they were not affiliated with WPE.

  • Since WPE was not able to access the site, the very popular plugin Advanced Custom Fields became "unsupported".
  • Auttomatic then took control of the Advanced Custom Fields plugin, because unsupported projects on wordpress.com may be taken over by others.
  • Automatic then forked the plugin, changed it's name, and made the new plugin available at the location of the old plugin (essentially tricking people)
    • The new ACF plugin is labeled as being owned by "the community"
    • There is a call out to community members asking for help with maintenance
    • but the new ACF plugin is still being maintained by Automattic
  • To solve the problem that all sites on their platform could not access critical security updates *WPE created a mirror of wordpress.org that their sites were able to access.
  • AspirePress has built alternative infrastructure to replace wordpress.org if needed, or serve in parallel to diversify.

The fallout:

  • WPE is suing Auttomatic and Matt personally for the "torturous" treatment of their customers, and recently added anti-trust to these suits.
    • Matt and Automattic are counter-suing.
  • After this happened, 8% of the employees at Auttomatic left immediately. A buy-out was offered to all employees, this buy-out was architected by the head of HR, who also took the buyout. (That person had been working there for the most of Automattic's history)
    • Severance was 6mo slaray paid in lump sum (but no benefits).
    • Offer also stated that employees who took the buy-out were not to be eligable for re-hire with Automattic ever again (contrary to the standard practice)
    • Employees were given 3 days to decide (which maybe illegal in California?)
    • After the first wave of employees left, and while HR was busy, Matt made a second offer to employees, but this time they were given only 4 hours to decide, and it needed to be done via private message to Matt.
      • This offer was allegedly intended for one person in particular, and others had also accepted the offer but didn't hear back.
  • Communication about the issue has been happening primarily on the wordpress.org slack channel, but people are being quickly banned from that platform when speaking out. (Rumor is that emoji use is being monitored, bulk-bans have been based on negative reactions)

Massive failure with governance

  • nobody knew that Matt had all this power over all the infrastrucure with no checks or balances on his ability to do something like this.
  • there are renewed efforts to create a more reasonable leadership, but Matt is hostile towards any changes.

Who has been impacted most by the drama?

  • Now all plugin developers are afraid that this could happen to them.
    • Using wp.org to host a free plugin is hte #1 businesses get noticed
  • Other hosting companies are worried about being targeted
    • Auttomatic has done a bunch of reaching out to other companies letting them know Matt's not going to come after them
  • WPE customers are wondering if they need to leave WPE
  • Wordpress users are wondering if they need to leave WordPress entirely
Retrieved from "https://devsummit.aspirationtech.org/index.php?title=Wordpress_2024&oldid=3302"