Using WordPress is risky
November 1, 2024
It’s been a couple of weeks since I last wrote about WordPress. Stuff’s been happening in the background, but I’ve been trying to ignore it. This morning I read a story that bothered me enough to require another round of therapy-by-blog-post.
First up, a couple of things that have happened recently. One is that Matt Mullenweg wrote a post about how his freedom of speech was being curtailed by WP Engine. My reading of the post is that blocking WP Engine from WordPress.org is “speech”, and WP Engine shouldn’t be allowed to file an injunction to prevent this. Several people in the community pushed back.
I’m not a US citizen, or an expert on the First Amendment, but I find the “free speech” argument a bit weird. Mullenweg has been blocking people on X and disabling people’s WordPress.org accounts if they disagree with him. He also threatened the person running bullenweg.com with legal action. The site, which had been chronicling the drama, has since been taken down. These don’t seem like the actions of someone who values free speech. Anyway, if you’re looking for a place that follows the drama, there’s now Matt is not WordPress. It has more examples of people being blocked from official WordPress resources.
This all felt aggravating and stupid, but it wasn’t anything new. I continue to believe that Mullenweg only wants yes-people around him, so these actions fit. This morning, though, I read an article from The Verge covering the latest legal filing from Automattic/Mullenweg. It’s a light piece, but it highlights some passages from the filing. One of them made me feel like I was going mad.
Here it is from a PDF of the filing uploaded by The Verge. You’ll find this on page numbered 6 of the PDF, starting on line 5:
The mere fact that WP Engine made the risky decision to base its growing business on a site to which it has no rights or guarantee of access, without making backup plans, is not enough for it to conjure a claim out of legal thin air. Similarly, WP Engine’s business decision to rely on Matt’s Website does not provide any legal or factual basis for muzzling Matt and preventing him from criticizing WP Engine for acts that he believes are damaging the WordPress community.
So, there’s a lot here. First, I want to say that I don’t believe that anyone has tried to “muzzle” Mullenweg. He’s free to say his piece, and he’s certainly been doing so! By my reading, the injunction from WP Engine doesn’t require that Mullenweg not speak out against WP Engine, it instead says (on page numbered 25 of the PDF, starting on line 18):
WPE respectfully requests that the Court issue a preliminary injunction restoring and preserving the status quo as it existed prior to Defendants’ wrongful actions described above. The preliminary injunction requires no security because returning the situation to the status quo will have no negative effect on Defendants.
In short, “we’d like to have access to WordPress.org back until this case is settled”. I could be missing something, but I’m not seeing anything “muzzling” Mullenweg from “criticizing WP Engine”.
But that’s a smaller point. The bigger one to me is this: “WP Engine made the risky decision to base its growing business on a site to which it has no rights or guarantee of access”. The site referenced here is WordPress.org. This is a site that, to a first approximation, everyone had believed was part of the WordPress community before this whole mess kicked off. Mullenweg’s legal team seems to be arguing that it’s risky to rely on WordPress.org. The problem is, everyone using WordPress relies on WordPress.org.
This is crazy-making. WordPress.org has become a cornerstone of the WordPress ecosystem. It allows for automatic updates of WordPress and plugins, it’s where people discuss the future of the platform, it’s where new plugins and themes are uploaded by developers, and a lot more besides. This new legal filing makes it crystal clear that Mullenweg has sole discretion over who can access it. If he’s ever upset with you for any reason, he can turn off your access or take over your plugin. I think that should deeply frighten anyone using WordPress today.