In a sharp escalation of tensions, WordPress co-founder and CEO Matt Mullenweg has publicly criticized WP Engine, a popular hosting provider, while also cutting its access to WordPress.org’s resources.
The dispute centres on legal and trademark issues, with Mullenweg accusing WP Engine of both profiteering off WordPress’s open-source platform and damaging its community.
On 25 September, Mullenweg posted a scathing blog on WordPress.org, stating that WP Engine no longer has free access to the platform’s resources and calling for customers to avoid the service.
He also detailed that WP Engine’s recent actions disrupted thousands of websites. “WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community,” Mullenweg claimed.
The conflict appears rooted in WP Engine’s use of WordPress’s open-source platform while allegedly not contributing to its development or upholding community standards.
At the core of the dispute is WP Engine’s practice of locking down a WordPress feature that tracks revision history for posts. According to Mullenweg, this undermines a crucial aspect of WordPress’s promise of data transparency and protection.
WP Engine, in turn, has argued that Mullenweg is trying to coerce them into paying millions to license the WordPress trademark, a claim Mullenweg denies.
The host provider WP Engine has faced harsh criticism for disabling certain features in WordPress core, which, according to Mullenweg, is central to protecting user data.
“WP Engine wants to control your WordPress experience,” Mullenweg wrote, accusing the company of exploiting WordPress’s free services while making billions of dollars in revenue.
WP Engine’s inability to provide security updates and other resources leaves customers vulnerable, Mullenweg suggested, urging users to consider alternative hosting options.
Additionally, Mullenweg argued that WP Engine would need to replicate WordPress’s security infrastructure independently.
He emphasized that WordPress.org has collaborated with hosting providers to address vulnerabilities at the network layer, a service WP Engine can no longer access freely. “Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?” he asked.
The ban leaves WP Engine in a precarious position, as customers who rely on WordPress plugins and themes may face significant difficulties accessing the latest updates.
These restrictions have raised alarms in the community, as outdated plugins are often the target of cyberattacks. Hackers frequently exploit vulnerabilities in WordPress plugins, potentially compromising millions of websites globally.
The dispute between WordPress and WP Engine has been simmering for some time.
Earlier in September, Mullenweg described WP Engine as a “cancer to WordPress” during a speech at the WordCamp US Summit, accusing the company of profiting off the platform without giving back.
In response, WP Engine sent a cease-and-desist letter to Mullenweg and Automattic, claiming that Mullenweg’s comments were an attempt to extort the company into paying for a trademark license.
WP Engine’s legal team also accused Mullenweg of threatening a “scorched earth nuclear approach” if they refused to comply with his demands.
The cease-and-desist letter was swiftly countered by Automattic, WordPress’s parent company, which asserted that WP Engine had violated WordPress and WooCommerce trademark policies.
The updated trademark policy on WordPress.org explicitly cautions users against assuming WP Engine is affiliated with WordPress. “Many people think WP Engine is ‘WordPress Engine’ and officially associated with WordPress, which it’s not,” the updated guidelines explain.
The legal dispute has thrown both companies and their customers into uncertainty.
While WordPress operates under a GPL (General Public License), which makes the software free for use, hosting providers like WP Engine must offer services beyond the core platform, such as user login systems, update servers, and security monitoring.
Mullenweg’s decision to sever WP Engine’s access to WordPress.org resources has already caused disruption, with many sites reporting functionality issues and concerns about security vulnerabilities.
WP Engine has pushed back against Mullenweg’s actions.
In a public statement, the company accused Mullenweg of abusing his influence over WordPress to disrupt WP Engine customers’ access to WordPress.org, calling the move “unprecedented and unwarranted.”
The company argued that the ban affected not only its users but also developers who rely on WP Engine’s tools to build and maintain WordPress plugins.
As the dispute unfolds, the wider WordPress community is left to grapple with the implications. Developers and hosting providers have expressed concern over the trademark battle, fearing that similar restrictions could extend to them.
The WordPress Foundation, which holds the trademark, has already filed to trademark “Managed WordPress” and “Hosted WordPress,” sparking debate about how this might affect commercial users.
For now, the WordPress ecosystem is in flux as users, developers, and hosting providers wait to see how the legal battle will unfold and whether WP Engine will regain access to critical WordPress.org resources.
Until then, Mullenweg’s message is clear: if you want the true WordPress experience, WP Engine is no longer the place to find it.
Editor’s note: This publication was previously hosted on WP Engine.