What I will tell you is that, pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.
WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free.
The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, WP Engine will need to replicate that security research on their own.
Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?
WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it, with them getting all of the profits and providing all of the services.
If you want to experience WordPress, use any other host in the world besides WP Engine. WP Engine is not WordPress.
It has to be said and repeated: WP Engine is not WordPress. My own mother was confused and thought WP Engine was an official thing. Their branding, marketing, advertising, and entire promise to customers is that they’re giving you WordPress, but they’re not. And they’re profiting off of the confusion. WP Engine needs a trademark license to continue their business.
I spoke yesterday at WordCamp about how Lee Wittlinger at Silver Lake, a private equity firm with $102B assets under management, can hollow out an open source community. (To summarize, they do about half a billion in revenue on top of WordPress and contribute back 40 hours a week, Automattic is a similar size and contributes back 3,915 hours a week.) Today, I would like to offer a specific, technical example of how they break the trust and sanctity of our software’s promise to users to save themselves money so they can extract more profits from you.
WordPress is a content management system, and the content is sacred. Every change you make to every page, every post, is tracked in a revision system, just like the Wikipedia. This means if you make a mistake, you can always undo it. It also means if you’re trying to figure out why something is on a page, you can see precisely the history and edits that led to it. These revisions are stored in our database.
This is very important, it’s at the core of the user promise of protecting your data, and it’s why WordPress is architected and designed to never lose anything.
WP Engine turns this off. They disable revisions because it costs them more money to store the history of the changes in the database, and they don’t want to spend that to protect your content. It strikes to the very heart of what WordPress does, and they shatter it, the integrity of your content. If you make a mistake, you have no way to get your content back, breaking the core promise of what WordPress does, which is manage and protect your content.
Here is a screenshot of their support page saying they disable this across their 1.5 million WordPress installs.
They say it’s slowing down your site, but what they mean is they want to avoid paying to store that data. We tested revisions on all of the recommended hosts on WordPress.org, and none disabled revisions by default. Why is WP Engine the only one that does? They are strip-mining the WordPress ecosystem, giving our users a crappier experience so they can make more money.
What WP Engine gives you is not WordPress, it’s something that they’ve chopped up, hacked, butchered to look like WordPress, but actually they’re giving you a cheap knock-off and charging you more for it.
This is one of the many reasons they are a cancer to WordPress, and it’s important to remember that unchecked, cancer will spread. WP Engine is setting a poor standard that others may look at and think is ok to replicate. We must set a higher standard to ensure WordPress is here for the next 100 years.
If you are a customer of “WordPress Engine,” you should contact their support immediately to at least get the 3 revisions they allow turned on so you don’t accidentally lose something important. Ideally, they should go to unlimited. Remember that you, the customer, hold the power; they are nothing without the money you give them. And as you vote with your dollars, consider literally any other WordPress host as WP Engine is the only one we’ve found that completely disables revisions by default.
WordCamp US (WCUS), North America’s largest WordPress event, hosted over 1,500 attendees from around the world at the Oregon Convention Center in Portland, from September 17 to 20.
Over four days, WordPress professionals and enthusiasts came together to explore the latest advancements and use cases, collaborate on open source projects, and strengthen community connections.
Contributor Day brought together over 400 contributors across 25 teams to support the WordPress project. As with any Contributor Day, participants learned and collaborated while tackling key projects, including triaging issues, exploring performance improvements, advancing the Twenty Twenty-Five theme, and preparing for the upcoming WordPress 6.7 release.
WordPress contributors discussing all things design at WCUS 2024’s Contributor Day.
Celebrating WordPress
At WCUS 2024, the inaugural Showcase Day highlighted how enterprises like Disney Experiences, The New York Post, CNN, Vox Media, and Amnesty International are leveraging WordPress across a variety of industries. With 19 sessions, attendees gained diverse insights into WordPress’s wide-ranging capabilities and features.
Showcase day presentation by Alexandra Guffey and Katrina Yates of Disney on Gutenberg’s use in a complex ecosystem of sites.
Sustaining WordPress
Keynote presenter Joseph Jacks shares thoughts on the future of OSS.
Joseph “JJ” Jacks, founder of OSS Capital, kicked off the first day of programming with a keynote about how open source will dominate the next wave of software. In looking at emerging trends in tech, he expressed how closed core, or closed source, software is hitting a plateau. Commercial open source companies are able to disrupt and forge the path for a shift in the space.
Sharing his optimism for the future, JJ highlighted emerging projects OSS Capital is excited about and emphasized that the most successful open source companies thrive by generating more value than they capture.
Learn WordPress
The second half of the conference featured more than 20 sessions and workshops across three tracks. Topics ranged from leveraging AI in WordPress to getting the most out of wp-admin.
Thursday’s dedicated networking session brought attendees to the sponsor hall to explore and connect with the vast ecosystem of hosts, plugins, agencies, and service providers. The WordCamp US Lounge, located within the exhibit hall, held focused discussions on hosting, neurodiversity, inclusivity, and content marketing.
WordCamp attendees stopped by the Code is Poetry lounge to try their hands at the vintage Smith Corona and have a poem written by the Typewriter Troubadour.
Attendees take a break in the center of the exhibit hall at the “campfire” where various discussions were held throughout the event.
Q&A with Cofounder Mullenweg
In a dynamic keynote, WordPress Cofounder Matt Mullenweg delivered one of his “spiciest” WordCamp presentations, combining insights on WordPress’s open source future with a creative twist. He opened by reading his recent post that explores open source philosophy, touching on themes of freedom, collaboration, and the ongoing influence of open source projects like WordPress. Mullenweg also critiqued companies for misleadingly labeling proprietary models as open source, stressing the importance of true open source licenses for the future of software freedom.
Matt further emphasized WordPress’s ecosystem-driven development and highlighted the Five for the Future initiative, an effort to avoid the tragedy of the commons and ensure that WordPress thrives for everyone. His speech addressed community concerns about companies profiting off WordPress without giving back and urged attendees to support companies that contribute to the platform’s growth.
Before diving into the Q&A segment of the presentation, Matt expressed the importance of recognizing:
“What we create together is bigger than any one person.”
WordPress Cofounder Matt Mullenweg on the main stage at WCUS 2024.
Matt Mullenweg and Brian Richards on stage at WCUS 2024.
Save the Dates
In his closing remarks, emcee Brian Richards expressed gratitude for the fantastic work the event organizers and volunteers contributed to produce WCUS 2024.
Brian reminded attendees to save the date for WordCamp US 2025, which will once again take place in Portland, Oregon, from August 26 to 29, 2025.
Attendees gather at WCUS in Portland, Oregon.
No WordCamp is complete without an after-party, with this year’s taking place at the Oregon Museum of Science and Industry (OMSI). Attendees concluded a week of WordPress with refreshments while visiting the exhibits—including a submarine and planetarium—and posing in the photo booth.
Stay connected
WordPress events enable technologists, open source enthusiasts, and community members around the globe to meet, share ideas, and collaborate to drive WordPress and the open web forward.
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.
