The WordPress Saga

There’s a fun stat that gets thrown around every so often that goes something like “75% of the internet was built on WordPress.” While not exactly true, it’s directionally correct. A giant chunk of the internet was indeed built with WordPress. Released in 2003, it is sort of in the background of the modern tech world, so you might not think about it much. Recently however, WordPress (and variations of it) has been all over the media lately in strange and confusing ways. So, we thought it might be helpful to explain the who, what, and (maybe) the why of what’s happening.

• Content Management System (CMS): software that allows users to create, update, and delete digital content without (necessarily) coding or programming. Built for collaboration, they typically include things like drag-and-drop editing, document management, and other components. Aside from WordPress, names like Shopify, Drupal, and Wix are in this category (I’m trying really hard to keep things professional and not negative re: some of these services since uh well, there is a reason WP is the leader).
• WordPress: one of the biggest and most established CMS technologies today. I’ll elaborate in the actual piece, but the most important thing to remember is that whenever you see ‘WordPress’ by itself, it refers to the open source technology and project itself, not a specific business, individual, or organization.
• WordPress Foundation: a nonprofit created to steward and support the open source technology, community, and overall ecosystem. For no particular reason, I would like to emphasize that this is a nonprofit.
• WordPress.org: a website and associated digital assets (domains and all that fun stuff) that serves as the central hub for the WordPress open source community. Things like plugin catalogs, documentation, discussion boards, etc. Somehow, this is separate from the WordPress Foundation itself (I wish I could tell you why).
• WordPress.com: noticing a theme? This variation of the term ‘WordPress’ is a (legally registered) company providing products and services for managed hosting and support of WordPress sites and blogs.
• Automattic: a legal entity and corporation that funds, develops, and operates several commercial projects in the WordPress and open source world, including WordPress.com amongst others. It sits above its portfolio groups and was founded and run by Matt Mullenweg. Besides the hosting services that their portfolio company WordPress.com provides, Automattic has ventures focusing on integrations, plugin development, and a variety of other services that commercialize the WordPress platform. Also, for some reason, they own Tumblr (that is a story for a different day).
• WP Engine: managed WordPress hosting provider that has grown to become one of the larger commercial entities in the WordPress ecosystem. Founded in 2010 and acquired by a PE firm in 2018, WP Engine provides hosting, security, and other services for WordPress sites, while also contributing to the broader WordPress community through sponsorships, plugin development, and educational resources (some may argue if they contribute enough, but we’ll get to that later)

Let’s start at the beginning. All the way back in 2003, the cool thing to do was…blog. The web ecosystem back then was a far cry from today, and starting a blog wasn’t easy, especially for newbies (about 98% of the population). Some proto-frameworks/CMSs emerged to simplify this, like “b2/cafelog.” It was extremely popular when it was released, but before long, its original developer (Michel Valdrighi) sort of…left the scene, and it stopped being maintained. However, a couple of enterprising developers and contributors to the original project (Matt Mullenweg, Mike Little) decided to keep the dream alive (sorta). They forked the original project, tidied it up a bit, and released it as “WordPress,” an open-source platform under the GNU General Public License (for those not in the field, this is basically a type of license for software that guarantees people have the freedom to run, share, and modify the software).

How did this release go? In short, incredibly well. They shipped an official 1.0 version about a year after the original, which has some of the components that are most recognizable about modern WordPress, namely plugins. Plugins allowed developers to extend the base capabilities of the platform and were key to the rapid adoption of the system (along with some fumbles from competitors at the time i.e. Movable Types). After a couple of years of rapid releases adding modern features (like the WYSIWYG editor), WordPress became the leader in the space and Matt Mullenweg went all in. As the original developer and “idea” guy, Matt became the face of the platform and formally created a corporate vehicle called Automattic. Automattic did the whole tech startup song and dance, raised venture capital, hired top contributors to the open-source WordPress project. As part of this, uh, growing-up phase, Automattic went ahead and trademarked the WordPress brand name and logo.

This flurry of rapid releases, adoption, and major developments continued over the years, and by 2010, WordPress powered a majority of the sites on the internet. It’s at this point that a new legal entity entered the space…the WordPress Foundation. Founded by Matt (noticing a pattern?), the foundation was (on paper) a non-profit aiming to “democratize publishing through open source.” Importantly, once the foundation was set up, Automattic transferred ownership of the brand assets to the foundation. The open source community in particular was quite happy about this change since a lot of the contributors felt that one single for-profit vehicle owning something that was shaped by people all over the world was a bit against the core ideals of the project. This relationship continued over time, with the foundation fostering and nurturing the software and community, while Automattic launched several products and services that commercialized the software, including a managed hosting service called…WordPress.com.

By 2024, the WP ecosystem included not just all the organizations mentioned above, but a rather large universe of agencies, developers, managed hosting providers, and a variety of other businesses who (similarly to Automattic), applied and commercialized the open source WordPress software. This is a common outcome of modern projects, where the underlying technology remains free and available, but vendors rise to add services, functionality, or any number of unique offerings to create a product or business on top. Some of the larger players to come up in this space included Blue Host, Site Ground, and WP Engine (dun dun dun).

So, that’s the timeline: early web enthusiasts built an open source content management system, which rapidly grew and became the de facto leader in its space, and an industry grew alongside, with startups, companies, and nonprofits all playing a role. Let’s turn to what’s happening today.

Until recently, the WordPress universe had been fairly calm. The open source community that had grown around the technology over the decades was one of the largest globally and while newer, “cooler” technologies had emerged (i.e native code solutions and frameworks like React), WordPress remained one of the most used software projects in the world. And then, well, then the blog post heard around the world happened.

In late September, Matt Mullenweg gave a keynote talk expressing concerns about people exploiting the open source community (amongst other things). Soon after, on September 21st, 2024, he elaborated on his points and published a (rather short) post titled “WP Engine is not WordPress” (linked in the references section). I’ll provide a summary here in a moment, but I highly encourage everyone to read it. Here’s my tldr:

In his post, Matt argues that WP Engine’s marketing, advertising, and branding lead people to think they’re buying WordPress, but (from Matt’s perspective), they are not and WP Engine is profiting from this misdirection. He mentions a couple key points to support his stance:

• WP Engine is owned by a private equity firm, Silver Lake, with $102B AUM (aka they are people with money) which has led the open source community to “hollow out”.
• He mentioned WP Engine does ~half a billion in revenue on top of WordPress and contributes ~40 hours a week to the open source project (compared to Automattic’s ~3,915 with similar revenue).
• Further, he points out that one explicit way that WP Engine takes advantage of the community by disabling the native WordPress revision ability. From Matt’s perspective, revisions are a key part of what defines the WordPress platform and disabling it “strikes to the very heart of what WordPress does.”
• He posits that they disable the storing of historical content and the revisions feature because it costs money and they don’t care about the user’s content enough to live with those costs.
• He finished by saying that what WP Engine gives users is, uh, “something that they’ve chopped up, hacked, butchered to look like WordPress, but actually they’re giving you a cheap knock-off and charging you more for it. This is one of the many reasons they are a cancer to WordPress, and it’s important to remember that unchecked, cancer will spread. WP Engine is setting a poor standard that others may look at and think is ok to replicate. We must set a higher standard to ensure WordPress is here for the next 100 years.”

As you can imagine, this post sparked a lot of discourse, debates, and (naturally) legal action. Aside from general (online) chatter, the next big moment in the saga came from WP Engine’s side, who sent Matt a cease and desist letter. Once again, I’ll provide a summary here, but I encourage everyone to read it (also linked in the reference section):

• Basically, Mullenweg and other Automattic folks (the CFO is mentioned) allegedly threatened a "scorched earth nuclear approach" against WP Engine if they didn't pay a large sum of money before his September 20th keynote at WordCamp US. They uh also asked them to pay a % of their revenues on an ongoing basis.
• Leading up to the talk, Matt also sent WP Engine execs and board members (like a lot of) texts and emails hinting at his scorched earth nuclear approach (yes, there are indeed screenshots)
• After WP Engine refused to play ball, the whole scorched earth thing kicked off with the keynote and subsequent blog post.
• The letter made an explicit point of pushing back on Matt’s allegations against the product, specifically their support of the community and the whole IP thing (quotes below):
  • “Contrary to Mr. Mullenweg’s statements that WP Engine does not contribute to his narrow and self-serving definition of the WordPress community, WP Engine has been deeply dedicated to advancing the use and adoption of WordPress through innovation, investment, and active community involvement. WP Engine has contributed tens of millions of dollars in ongoing support for the broader community through events, sponsorships, and the development of educational resources, including sponsorship of WordCamps worldwide and producing DE{CODE}; educating and empowering the WordPress community through content like the WordPress Roundup and the Building WordPress series; hosting, funding, and actively maintaining multiple Open Source projects (e.g., ACF, WPGraphQL, faust.js) within the ecosystem used by millions of websites around the world; and producing informative webinars, podcasts, and tutorials.”
  • As for Mr. Mullenweg’s claim that WP Engine is misusing the WordPress trademark, that too is false, and reflects a profound misunderstanding of both trademark law and WordPress Foundation’s trademark policy. First, WP Engine’s use of “WP” is explicitly permitted by WordPress Foundation’s trademark policy: “The abbreviation ‘WP’ is not covered by the WordPress trademarks and you are free to use it in any way you see fit.” Moreover, WP Engine’s use of the WordPress mark is entirely compliant with governing trademark law.
• Another crucial point in the letter is that all of Matt’s actions so far show a conflict of interests, specifically mentioning that his actions are a “clear abuse of his conflicting roles as both (1) the Director of the non-profit WordPress Foundation, and (2) the CEO of at least two for-profit businesses that compete with WP Engine.“

After this letter was sent and made the online rounds, the discourse intensified and the dealings between the companies spilled over to social media, with Matt continuing to post through it and uh definitely not ceasing and desisting. The next big punch came from Automattic, who sent a counter cease and desist letter to WP Engine (I will spare you the tldr of this one since it basically reiterated Matt’s post in legalese). After this fun game of legal letters, WP Engine escalated it to the next step and filed a suit against Automattic (the company) AND also Matt (the individual). The lawsuit is quite long, but it has some interesting tidbits that seem important to share:

• The suit was officially for the several charges, including these (amongst others) —> Intentional Interference with Contractual Relations, Computer Fraud and Abuse, Attempted Extortion, Libel, and Slander.
• Once again, Mullenweg's potentially conflicting roles as director of the non-profit WordPress Foundation, controller of wordpress.org, and CEO of for-profit Automattic are highlighted.
• Automattic allegedly has an exclusive, royalty-free license to the WordPress trademarks, despite public statements suggesting the trademarks were transferred to the non-profit WordPress Foundation. In fact, the suit says that the same day that the transfers were announced, Automattic filed for an exclusive license.
• WPE alleges Automattic allowed their trademark use for over a decade before suddenly demanding payment.
• Automattic tried to poach WP Engine’s CEO and then threatened to paint it as a defection to both the press and the board when the CEO did not take the gig.

Matt’s response to this has included:

• Require developers contributing to the open-source project to check a box stating they aren’t “affiliated with WP Engine.”
• Blocking WP Engine from accessing WordPress.org, limiting their ability to maintain the projects and plugins they provide to the community.
• Forking one of said plugins, “Advanced Custom Fields” and updating it as a new plugin called “Secure Custom Fields” (uh yep that’s as sketchy as it sounds)
• Offering to pay his employees a (pretty hefty) severance package if they disagree with his actions and want to leave (hint: people took him up on it)
• Posting through the whole thing on various platforms, including the former bird site and that orange hacker one.

As tensions have escalated, the discourse has spread to include other prominent developers and technologists in the open source space, including David Heinemeier Hansson (aka DHH), and this has splintered into various blog posts, tweets, and articles. I didn’t really cover them in this piece because while relevant, they have devolved into very personal type of posting and I’d rather focus on material events, legal documents, and just a generally more grounded overview.

Anyway, the saga isn’t over, as the situation is unfolding in real-time on social media and the courts of California, but consider these points now that this information has come to light:

A) What exactly is the strength of distributed governance and splitting commercial and nonprofit entities if one person is still running the show at each of these entities?

• The public perception of the governance around the WordPress project was that while extremely influential as the original developer and key contributor (soft power in some ways), Matt’s actual hard power (legal and commercial rights) were limited to preserve the open nature of the project.

• This perception was incorrect, as evidenced by the legal filings. The actual governance is more along the lines of something like this (full credit to OP: https://x.com/lazerwalker/status/1845146696483037546):

B) How should a community react when a prominent contributor and original developer of a project mischaracterizes their actions, dealings, and ownership to the press and the market?

• This might continue the web’s splintering era. If this chaos continues for much longer, you could see a huge rise in forks, clones, and derivatives that come to the market to compete with WordPress and fill the newly discovered gap in the world of open platforms. WordPress’s very origins came from forking an earlier project, so this would be an ironic twist.

• A parallel trend to consider as well is the dawn of the new web AI era. Conflicts exist between open content and platforms and data collection for model training. This splintering effect, combined with increased concern for open content harvesting, could endanger the idea of open source software at a more philosophical level. It’s worth asking, are we creating a world where open source projects can’t reach the scale that WordPress had at its peak?

C) Decision makers worldwide used to choose WordPress without a second thought when it came to anything slightly CMS-related. How will these recent events change this?

• It’s increasingly looking like people will need to price in the governance risk from recent events, impacting procurement and security. A dangerous red flag in this whole scenario has been components and plugins being blocked from updating, leading to huge vulnerabilities.

• Something else to consider is the intellectual property issues raised. After seeing plugins appropriated without warning, most developers will rethink building on top of the WordPress platform and its underlying technology.

The escalating tensions between Automattic and WP Engine over the past month have exposed fundamental challenges within the modern web and the open source ecosystem. This conflict raises important questions about the nature of open source governance, the responsibilities of commercial entities building on top of open platforms, and the long-term viability of WordPress as the dominant CMS.

The heart of the issue (as it often is) is the delicate balance between the open, collaborative ethos of a community-driven project and the interests of the various companies and organizations that build businesses around it. The original accusations speak to this balance and conflict, evidenced by Mullenweg's accusations of WP Engine "profiting off the WordPress brand" without adequate contribution back to the project.

Moreover, the revelation of Mullenweg's triple roles as 1) head of the non-profit WordPress Foundation, 2) CEO of the for-profit Automattic, and 3) owner and operator of the wordpress.org site and domain as an individual raise concerns about the concentration of power and potential conflicts of interest. If a single individual controls such a critical open source project, how can the community be assured of true distributed governance and transparency?

These events also underscore the risks companies face when building products and services on top of open source foundations. The ability of WordPress to unilaterally block access or fork critical plugins demonstrates the fragility of that foundation and calls into question the long-term stability and reliability of the platform.

As the WordPress saga continues, decision-makers globally must weigh these governance, technical, and commercial risks against the undeniable benefits that the platform has provided. The outcome of this conflict could have far-reaching implications for the future of WordPress, and for the broader open source ecosystem that has come to underpin so much of our modern digital landscape.

References:

• https://b2evolution.net/about/b2evolution-vs-wordpress
• https://wordpressfoundation.org/news/2022/what-is-the-wordpress-foundation-and-why-does-it-exist/
• https://techcrunch.com/2024/10/12/in-latest-move-against-wp-engine-wordpress-takes-control-of-acf-plugin/
• https://wordpress.org/news/2024/09/wp-engine/
• https://wpengine.com/wp-content/uploads/2024/09/Cease-and-Desist-Letter-to-Automattic-and-Request-to-Preserve-Documents-Sent.pdf
• https://www.404media.co/wordpress-checkbox-login-wp-engine/
• https://techcrunch.com/2024/09/23/wp-engine-sends-cease-and-desist-letter-to-automattic-over-mullenwegs-comments/
• https://old.reddit.com/r/SubredditDrama/comments/1g4pr8f/wordpress_the_software_is_currently_embroiled_in/
• https://x.com/lazerwalker/status/1845146696483037546

This is most definitely not legal or financial advice. Everything noted here is based on legal documents, public statements, and posts. I'll even go ahead and say everything noted here is alleged.