Login

Tag Archives: WordPress.org

20 Dec 2024

Matt Mullenweg Finally Claims on WordPress.org That He Owns It, While Making False Claims About Volunteers and His Legal Problems

Since Matt Mullenweg started trying to extort WP Engine, the issue of who owns and controls the website for WordPress, WordPress.org, has come up again and again. Curiously, Matt Mullenweg has claimed in various locations that he personally owns and controls it, while not disclosing on the website. For example, on September 25 he wrote on the News blog on the website that “What I will tell you is that, pending their legal claims and litigation against WordPress.org,” that was despite there being no legal action threatened against WordPress.org (but was threatened against him). By comparison, in an October 4 story from The Verge, he claimed “WordPress.org just belongs to me personally.” That changed in a post today on the News blog of the WordPress website where he stated “but also me individually as the owner of WordPress.org.”

The About page of the website still reads as if the website is for the WordPress project, instead of his personal website as he claims elsewhere. [Read more]

13 Dec 2024

WPScan Ignores That Security Issue From Website of Their Boss, Matt Mullenweg, Played Vital Role in WordPress Websites Being Hacked

Two days ago, a news story about WordPress websites being hacked was published titled “Hunk Companion WordPress plugin exploited to install vulnerable plugins.” The last part of that is important, but was largely ignored in the story. With the only mention saying that “While investigating a WordPress site infection, WPScan discovered active exploitation of CVE-2024-11972 to install a vulnerable version of WP Query Console.” That plugin was closed on the WordPress Plugin Directory on October 21.

[Read more]

9 Dec 2024

Automattic Isn’t Sponsoring 3,500 Hours a Week to the Maintenance of WordPress.org

While WordPress is an open source project, there is so much that isn’t open and transparent about it. That includes one team that largely operates anonymously, seemingly to avoid people being able to identify individuals taking harmful actions, and it includes a security team (or teams) where even basic details are mystery. We also still don’t have a clear picture of who is managing and paying for the WordPress website. That is obvious concern with everything that has been happening recently involving Matt Mullenweg’s campaign against WP Engine. One thing we can say with good certainty is that Automattic isn’t sponsoring its employees to spend 3,500 hours a week maintaining that the WordPress website, as some people have been mentioning recently.

The confusion over this seems to be based on a declaration made in the legal case between Automattic/Matt Mullenweg and WP Engine. In the declaration, an Automattic employee stated: [Read more]

2 Dec 2024

Automattic Apparently Manages the WordPress.org Infrastructure

Because of recent actions taken by Matt Mullenweg, the control of WordPress.org has become a big security concern. It continues to be unclear who actually is in control of it. Lawyers representing Matt Mullenweg and Automattic have put forward varying explanations. In a legal filing on October 22, they put forward the view that Matt Mullenweg is personally in control of it:

WordPress.org is not WordPress. WordPress.org is not Automattic or the WordPress Foundation, and is not controlled by either. To the contrary, as Plaintiff itself acknowledges, WordPress.org is Mr. Mullenweg’s responsibility. [Read more]

21 Nov 2024

Spokesperson for WordPress.org Claims It is Committed to “Continued” Transparency and Increasing Security Expectations

If you have followed what is going on with WordPress recently, a word that wouldn’t be something you would use to describe things would be transparency. And yet an unnamed “WordPress.org spokesperson” speaking to an undisclosed employee of the head of WordPress, Matt Mullenweg, claimed that WordPress.org is committed to continued transparency:

WordPress.org is committed to increasing security expectations, adopting secure development practices, continuing to lead the project with transparency, and being a willing and helpful partner regarding any government requirements. [Read more]

4 Nov 2024

Matt Mullenweg and His Lawyers Have Very Different Estimates as to the Cost of Running WordPress.org

Recently it was made public that Matt Mullenweg personally has the ability to stop WordPress websites from getting automatically getting security updates from WordPress.org. That was exposed when he blocked customers of WP Engine from getting those updates. He can do that because he apparently personally owns the WordPress website. He provides various justifications for that. Including that someone independently wealthy is needed to subsidize the website, “[t]hey need to be independently wealthy to subsidize http://W.org, which serves 30k requests a second at peak.” It doesn’t actually need to be owned by an individual, but whoever owned, there is the question of how much it costs to run it. Matt Mullenweg hasn’t provided accounting how much it costs to run and how much money he is making off it (he apparently has income from the website). So how much does it cost? The answers coming from his side vary significantly.

On September 26, Matt Mullenweg put the price of supporting only the estimated 1.5 million website hosted with WP Engine as costing millions of dollars, “You could imagine that probably costing millions of dollars per year in infrastructure and cost, development time, everything to support those 1.5 million sites.” [Read more]

28 Oct 2024

Matt Mullenweg Claimed He Makes Money Off of WordPress.org

The current situation with WordPress has made the control of the website for WordPress, WordPress.org, an important security issue. Recently Matt Mullenweg has claimed in multiple places that he personally owns the website. Notably, though, he hasn’t done that on the WordPress website itself. Last week his lawyer also made that claim in a legal filing. If that is true, then a remaining question is who is paying for the website. As we have mentioned in previous posts, parts of the website are clearly hosted by Automattic. An Auotomattic employee stated in December that Automattic “provides the infrastructure and maintenance” for another part of the website. It also widely assumed that web hosts are paying to be included listed as recommended hosts on the WordPress website. Matt Mullenweg hasn’t provided any explanation as to what is going on with any of that. But it turns out he recently indirectly admitted to making money off of the website.

In looking over a recent legal filing from WP Engine’s lawyers, an October 1 tweet from Matt Mullenweg caught our eye for a different reason than the filing’s focus on it. The tweet says “So if http://W.org was under the Foundation, which is a 501c3, we’d have to remove all commercial plugins, like Elementor, Yoast, Jetpack, etc. That’s why I run it through me personally and pay taxes.” He wouldn’t have to pay taxes for simply owning the domain name or the website. He would have to pay taxes if he was receiving income from the website. (WordPress.org doesn’t have any employees, so he wouldn’t be paying employment taxes either.) [Read more]

25 Oct 2024

The Executive Directory of WordPress.org Is an Employee of Automattic

On Monday, the new Executive Directory of WordPress.org started on the job. The position raises serious question about what is going on with WordPress. The WordPress post by Matt Mullenweg announcing they were going to be taking on the role made it sound like they were going to be employed by WordPress.org:

We’re proud to announce that Mary Hubbard (@4thhubbard) has resigned as the Head of TikTok Americas, Governance and Experience, and will be starting as the next Executive Director of WordPress.org on October 21st! [Read more]

24 Oct 2024

Matt Mulleweg’s Lawyer Says that WordPress.org Is Not WordPress

We have been following the confusing situation with what WordPress.org is and who owns the website hosted at wordpress.org. That has included Matt Mullenweg disagreeing Automattic’s lawyers over that, which became a legal “mystery”. One place that you can’t find answers to those questions is the About page on wordpress.org and the rest of the About section on of the website. In the text of that page, there are 11 references to WordPress and none for WordPress.org. The title of the page does include WordPress.org. So you would reasonably think that the website of WordPress is wordpress.org. Not so says the lawyers defending Automattic and Matt Mullenweg in the lawsuit brought against them by WP Engine. Instead, they make this claim in a legal filing submitted yesterday:

WordPress.org is not WordPress. WordPress.org is not Automattic or the WordPress Foundation, and is not controlled by either. To the contrary, as Plaintiff itself acknowledges, WordPress.org is Mr. Mullenweg’s responsibility. [Read more]

11 Oct 2024

Matt Mullenweg Is Now Claiming WordPress.org Provides “Access to WordPress-Related Software at No Charge,” While Trying to Charge for Access

If you are trying to figure out what is going on with WordPress these days, it is difficult, as Matt Mullenweg and others on his side are saying things that appear to varying degrees to not be true. We previously covered how a lawyer for Automattic was claiming that a non-profit owned WordPress.org, while Matt Mullenweg is claiming he owns it. On the Hacker News, Matt Mullenweg responded to a reply about that by claiming that “All the information in the links you shared is totally wrong.” One of three links he claimed contained information that is totally wrong was a post he had written. He then responded, “Sorry for that error, the post has been updated now.” The change made to the post doesn’t make sense from a legal perspective, but it also involved Matt Mullenweg making a striking claim based on what else he is doing.

Here is the relevant sentence from the post before it was changed, with emphasis added by us to the relevant change: [Read more]