To start, if you haven’t heard about the #wpdrama that’s taken over WordPress in the last month, congratulations 😊. I imagine you’ve had a comparatively stress-free October, and hopefully got to spend lots of time outdoors.
There are many, many, many posts, videos, and commentaries about everything that’s happened. I won’t go into the full details, but here’s a condensed version for those of you who are new here.
Skip to the next section if you know all of this already.
#The players
#WordPress
WordPress is an open-source software platform for building websites. It’s what this site is built with 🧡. WP Fusion is a plugin (another piece of software) that runs on your WordPress website, and helps you connect your website with your email marketing software.
By some estimates WordPress powers 43% of websites, so it’s kind of a big deal.
WordPress was created in 2003, based on another older piece of blogging software, by two guys named Mike and Matt.
Matt continues to oversee development of WordPress. He chooses who is allowed to work on it, and what features are prioritized for development.
#The WordPress Foundation
The WordPress Foundation is a non-profit organization that was founded in 2010. Its main goal is to protect open-source software and ensure that WordPress remains freely available and developed by a global community.
The foundation holds the trademarks to the WordPress logo and the name “WordPress”, as well as “WordCamp“. The stated goal of the Foundation is to maintain the open-source nature of WordPress, independent from commercial interests.
The Foundation is also run by Matt.
#WordPress.org
WordPress.org is the home of the free and open-source WordPress project. It’s where anyone can go to download WordPress for free. It’s also where development on WordPress is organized, and conversations around WordPress happen in the official Slack channel, tied to each user’s account on WordPress.org.
WordPress.org is also the home of the plugin repository, which is a directory of over 60,000 free plugins that anyone can download and install on their WordPress website.
WordPress.org plays a critical role in ensuring plugins are secure and follow the open-source principles of the WordPress project (free to use, modify, and distribute).
When a plugin author releases an update to a plugin on WordPress.org (like we regularly do with the free WP Fusion Lite), WordPress.org sends the update out to everybody else’s WordPress sites. It’s like the App Store of WordPress.
WordPress.org is personally owned by Matt.
#WordPress.com
WordPress.com is a commercial website-building platform. It uses the free WordPress software, but it’s a hosted service. That means you don’t need to worry about setting up your own hosting or downloading the software—everything is managed for you. WordPress.com is run by a for-profit company called Automattic.
Automattic is widely considered the largest hosting company in the WordPress space. It also owns popular brands such as WooCommerce, Jetpack, Tumblr, and (I was surprised to learn) Longreads.
Automattic is a privately held company, and is backed by private equity firms such as Tiger Global Management, Salesforce Ventures, Insight Venture Partners, and others. They generate about US$700 million per year in revenue, and have been valued at US $7.5 billion.
The founder and CEO of Automattic is, you guessed it, Matt.
#Conflict of interest
Some have raised concerns about the legality of this business arrangement. I won’t get into those here.
I think it’s enough to point out the inherent conflict of interest in having the same person: a.) act as the public face of the WordPress community, b.) protect the WordPress trademarks, and c.) guide the development of the open-source WordPress project, all while d.) his majority stake in the for-profit Automattic has given him a net worth close to US$400 million.
Matt has styled himself as the Benevolent Dictator for Life, and we’re expected to trust that his priorities are aligned with promoting open source, fostering community well-being, and ensuring a level playing field for independent companies to thrive—without the risk of preferential treatment for Automattic or any other affiliated entities.
The drama over the past month (some might say over the past six years), basically comes down to this conflict of interest, and to what degree you trust Matt to do the right thing.
#How this affects WP Fusion
On October 12th, Matt shocked many people in the WordPress community by forcibly taking over a popular plugin on the wordpress.org repository called Advanced Custom Fields, which was in use on over 2 million websites.
“ACF” is developed by WP Engine, a competitor of Automattic.
The plugin was re-titled “Secure Custom Fields“, but otherwise unchanged. The plugin code, URL, file names, thousands of reviews, and even links to documentation still referenced Advanced Custom Fields, which is trademarked by WP Engine.
WP Fusion also has a free plugin on wordpress.org, called WP Fusion Lite. We also have a registered trademark for the name WP FUSION.
We are committed to making this plugin free, forever, to anyone who wants to integrate their WordPress website with their CRM.
Seeing ACF forcibly taken from its rightful owners, in violation of community standards (and possibly trademark law), left us scrambling to make sure our intellectual property was properly protected.
#Wait, aren’t WordPress plugins open source and free to modify?
Yes! The beautiful thing about WordPress, open source, and the GPL license is that everything we create is free to read, modify, and redistribute as you see fit.
We borrow lots of code and ideas from other plugins, many other plugins borrow code and ideas from us.
This fosters a vibrant and competitive marketplace, allowing anyone with a good idea to launch a new product without having to worry about being similar to something that is copyrighted by an established player.
However, while our code is free to copy, our trademark protects our business in trade.
It’s how, when you purchase from us, you know you are getting the real WP Fusion from the original company who created, maintains, and supports it.
Somebody could take our code, rename it “Awesome CRM Connector”, create their own website and documentation, and this would be perfectly legal ✅
However, if someone built a website at https://betterwpfusion.com/ and sold our plugin using our name and logo, this would be a trademark violation, as it has the potential to deceive customers as to who they are purchasing from.
Our code is free, but the trademark protects the many years we’ve spent establishing a brand identity and a reputation as creators of Very Good Plugins (our company name 🤓).
As Matt has stated repeatedly, you have to protect your trademarks.
#Trademark confusion at WordPress.com
In September 2023 it came to our attention that WordPress.com (the for-profit hosting service) had copied all of the free plugins from WordPress.org and was now displaying them in a private directory, exclusive to WordPress.com hosting customers.
These pages were made public, indexed by search engines, and in some cases ranked higher than the free versions on WordPress.org.
Further, it was no longer clear that the plugins were free. The text next to each plugin reads, “Free on Business plan“, and clicking the link prompts you to create an account at WordPress.com and sign up for premium hosting.
This created confusion among users who would contact our support (for paying customers), and expect priority responses or premium features because they had “paid” for the plugin, when they hadn’t paid us anything— they’d only paid WordPress.com for hosting.
While we knew about this for some time, I didn’t quite know what to do about it.
I didn’t want to start a legal dispute with Automattic and possibly damage our reputation.
And, generally, I trusted Matt. I assumed he had a competent legal team that had already reviewed the legality of copying our plugins, and that he was acting in the best interest of the community.
#The cease and desist
The events of the past month have made me realize a few things:
- I don’t trust Matt.
- Matt doesn’t appear to be taking advice from legal counsel.
- Always defend your trademarks.
With those points in mind we sent a cease and desist letter to Automattic and WordPress.com on October 12th, asking for WP Fusion Lite to be removed from WordPress.com due to the potential for confusion regarding the affiliation of the WP Fusion brand.
This was a difficult decision to make, as Matt has been known to use the resources of WordPress.org to personally retaliate against perceived threats to Automattic.
There was a very real chance we would be removed from the free .org repository as well, blocked from the Make WordPress Slack, and/or banned from sponsoring future WordCamps (we sponsored WCAsia in 2024 and look forward to sponsoring WCEU in 2025).
Thankfully WP Fusion Pro does not require the free version to function, and we have been delivering updates to our paying customers via our own servers for many years.
We had a plan in place to begin delivering Lite updates via our own servers if the worst came to pass.
#Automattic’s reply
Automattic’s General Counsel responded on October 18th.
They have agreed to take down the listing from wordpress.com, and it is no longer available at https://wordpress.com/plugins/wp-fusion-lite.
The top result in searches for “WP Fusion Lite” is again the WordPress.org listing, where anyone can download the plugin for free.
It’s been a stressful week, but I’m glad we were able to resolve the situation amicably, and clear up any potential confusion for our users.
#What’s next?
It seems like every week there is another unexpected move from Matt that throws the WordPress community into chaos.
I wish it were all over, but it doesn’t show any sign of ending soon.
I would like to imagine a future where Matt is either the CEO of Automattic, or the champion of the open source project.
I have nothing against him personally— I hear that he’s a great person to work for, and I’m appreciative of all the things he’s done for the open source movement. But as long as Matt’s motivations with WordPress are tied to his profits at Automattic, he can’t be trusted.
Edit: Oct 27th 2024: At a couple of points in this post I linked to https://bullenweg.com as a resource for Matt’s history of duplicitous behavior. That site has since been taken down, following threats of legal action:
While it is still available via GitHub and the web archive, it’s no longer being updated. I’ve updated the links to point to https://mattengine.com/.
13 thoughts on “Regarding our Cease and Desist letter to Automattic”
> I hear that he’s a great person to work for
This does not match my experience as a former Automattician.
Kudos to you for acting swiftly and protecting your wonderful plugin! I hope others will follow your example.
So by “no longer available to .com customers” do they block your free and paid plugin now in general on .com in all their plans which would allow own installation of plugins? Wouldn’t be surprised.
The free plugin no longer appears for .com customers who search within the WordPress admin at Plugins >> Add New.
.com customers can still install the free version from .org by downloading it and uploading it. And the paid / full plugin continues to work on .com without interruption.
Thanks for testing the current state at .com, fingers crossed that it will continue to be like this.
Have a feeling they will enforce a “valid signature only” plugin install “due to security for community” or similar at some time in future first in .com and later also in .org version to lock plugins to .com and/or .org repository and effectively gatekeep the plugins and themes through a by them controlled signature process, which could be (ab)used to lock out certain third party plugin updates.
See e.g. in core $check_signatures param since WP 5.2 in download_package() and same but different named $signature_verification param in download_url() which currently has e.g. this warning note when signature fails:
And they might also introduce and/or force monetization in repository.
See e.g. schema structured data at .org repository since quite a while, also at your plugin source code of plugin page, note the “seller” there:
Interesting times.
Thank you for doing this. When i started building with Word Press 4 years ago i was very confused when searching for plugins on Google and had a hard time finding the free versions because SEO. A friend told me to always go directly to wordpress.org first and search there or else I wouldn’t find what I was looking for. Now I understand why.
Reasonable decision, Jack. All the best to the VGP team.
Thank you for being possibly the only company I’ve seen other than WP Engine themselves taking any action at all. I emailed my hosting company (which I’ve used for years and love) to tell them that I’m disappointed that they haven’t stood up for WPE and I got back a form letter about how they’re “monitoring the situation closely” and “committed to protecting their customers” and some other corporate bull, but no action. Everyone is afraid of Matt so nobody is willing to take action, but this is so clearly dangerous to the future of WordPress and open source, we need a mass movement like this or WordPress will fundamentally change.
Thank you for your clear explanation and update both on the full situation so far and your response.
It is concerning seeing this situation unfold so updates from those companies involved like yours is really appreciated – as is your fantastic plugin!
Thanks for sharing, Jack. I think you should be fine. It shouldn’t boil over from WPE vs Matt / Automattic
I’m a bit confused about your trademark claims. I agree that Joe Public can easily confuse the legal differences between WordPress.com and WordPress.org.
However, it’s a bit tenuous to suggest that end users might misunderstand who owns the trademark of a plugin because of where they downloaded it from. I think most end users, if not all, fully understand plugin ownership and would not consider any company just providing mirror hosting to be infringing on your trademark. How search engines rank their position is moot.
Moreover, I suspect any member of the non-technical community once told how developers name and distribute their plugins would conclude that Automattic has not infringed on your copyright.
As you state, you do not trust Mr. Matt Mullenweg, ostensibly to many; your reasons are plausible. However, the legal system shouldn’t be used as a personal tool to convey that. I can’t speak on behalf of anyone, but I reckon you could have just provided your reasons and asked Automattic to remove your plugin from their mirrors and feel confident they would have.
You may be right that we could have sent them an email asking for it to be removed and gotten the same result, but it’s hard to say. As far as I know no one has done this successfully. I also wanted to set a concrete timeline, thus a cease and desist felt like the most expedient approach.
The mirror hosting isn’t an issue. There are now several mirrors of the .org repository where our plugins are listed and can be downloaded for free. See https://10web.io/wordpress-plugin/wp-fusion-lite/ for example. WP Engine also has a private repository that hosts our plugins, but it’s only available to their customers and isn’t publicly indexed.
My main complaint is that someone searching for “WP Fusion Lite” would see wordpress.com as a top result, and clicking the “Get Started” button leads them to sign up for wordpress.com hosting. This has the potential to confuse users into either a.) thinking they have to pay for something that is actually free, or b.) that they are buying a premium plan from us, when in fact they’re just buying premium hosting from Automattic.
In the past I might have asked more politely, but I have no love for Automattic at the moment, and since it’s within our right as a trademark holder to request its removal, that seemed like the best course of action.
I appreciate your response and understand a bit better now. However, this still comes across to me as legally flawed reasoning and more like you choosing the closest fit law to pursue a different agenda.
You should of course have first dips on potential customers for your plugin, and your site should be above anyone else’s who offers your plugin, but isn’t that an SEO issue, not a trademark issue?
I find it difficult to believe that this is anything other than you picking one side over another. No problem with you picking your side, but be wary that you’re not setting others up for failure by taking a legal course of action that others may follow that is not, in my humble opinion, sound.
It’s fascinating to witness the evolving dynamics between open-source platforms and commercial entities, as seen with the cease and desist letter to Automattic regarding the WP Fusion trademark. Protecting a brand in the open-source ecosystem, where everything is freely available for modification, can be a complex task. I’ve had a similar experience where the balance between openness and trademark protection became crucial in ensuring a project’s integrity. For example, while building custom AI solutions for clients, we’ve always had to ensure that the proprietary elements of our AI systems were clearly distinguished from open-source models to avoid any confusion.
It also raises an interesting question about the long-term sustainability of open-source ecosystems when commercial interests start to dominate. Do you think it’s possible for these platforms to maintain a balance between innovation and ethical monetization without jeopardizing user trust?
I’d love to hear your thoughts.