In the latest chapter of the ongoing dispute between Automattic and WP Engine, a new plugin “Secure Custom Fields” (https://wordpress.org/plugins/secure-custom-fields/) has been added to the Plugin Repository by WordPress.org. This plugin has 90+ active installations and exhibits the features of ACF Pro plugin like repeater, flexible content, clone fields gallery, options pages, and ACF Blocks.
Last month, WordPress.org took over WP Engine’s ACF plugin, citing security issues, and renamed it Secure Custom Fields (https://wordpress.org/plugins/advanced-custom-fields/)
David McCan from WebTNG, has a detailed video analyzing the new plugin. He shares that the update check and license check functionality from ACF Pro has been removed. He remarked “This seems like a classic case of a null plugin which is now being hosted in the WordPress plug-in directory. So I’m wondering if this is even a legal Fork. I’m not an expert in software licensing law but my understanding is you need to preserve the original copyright notices when you fork a plugin. it’s one of the requirements.”
Prominent voices have weighed in on the controversy. Gergely Orosz of The Pragmatic Engineer newsletter tweeted, “Automattic – the creator of WordPress, a company raising $950M in VC funding – took a paid WordPress plugin built and owned by another dev and re-published it, making it free. If you have a business selling a paid WP plugin: Automattic can null it, anytime. Another new low.”
Duane Storey shared in X that ACF is now “an officially registered trademark of WP Engine.” He also said, “Sounds like what’s being put into the WordPress repository is basically a nulled version of ACF Pro without some of the copyrights. It’s clear Matt’s no longer a champion of any of the things he once said he was. I left a review. “
Tim Brugman, a Full-Stack Developer, pointed out,