Advanced Custom Fields has been returned to WP Engine after a preliminary injunction last week ordered WordPress co-founder Matt Mullenweg and his company, Automattic, to hand it back.
In October, WordPress.org took over the free version of ACF and renamed it Secure Custom Fields, which Mullenweg justified at the time as necessary for security reasons. The takeover of ACF, a custom fields plugin with over 2 million active installations, prompted widespread backlash from the WordPress community, open source advocates, and tech founders.
The feud escalated in November when WordPress.org forked ACF Pro, rebranding it as ‘Secure Custom Fields’ (SCF). This version retained all of ACF Pro’s premium features—including repeater, gallery, flexible content, clone fields, options pages, and ACF Blocks—while removing licensing and update checks, documentation links, and attribution to WP Engine.
On December 13, the ACF team confirmed on X that they had regained access to ACF’s WordPress plugin listing, posting, “53 minutes ago, we initiated publishing the genuine ACF on .org and are now awaiting .org to complete the review process to make it available.”
Shortly after, the team posted again: “We’re pleased to share that our team has had account access restored on WordPress dot org along with control of the ACF plugin repo. This means all ACF users can rest assured that the ACF team you trust is once again maintaining the plugin. There’s no action required if you have installed ACF directly from the ACF website or you are an ACF PRO user.”
On X, ACF developer Liam Gladdy thanked the WordPress community for its support. “Thanks, once again, to everyone for their support and love for @wp_acf over the last few weeks, and especially since the restoration last night,” he posted on X. “Your reviews, comments, support tickets, social media posts, and everything else have been so lovely to see. Our community is what makes working on ACF such a joy.” He added, “We’ve been building a whole bunch of incredible new features while we’ve been quiet, and you’re gunna love what we’ve got in store for you for 2025!”
While Mullenweg described ACF’s takeover as a “fork,” others labeled it a hijacking and even a supply chain attack. Loyal ACF users and fans posted dozens of one-star reviews for the first SCF plugin, which ACF has now inherited.
The preliminary injunction, which largely reflected a proposed order WP Engine submitted to the court, directed Automattic and Mullenweg to restore WP Engine and its employees’ access to WordPress.org, remove the domains.csv file from the WP Engine Tracker website, remove a login checkbox from WordPress.org requiring users to confirm non-affiliation with WP Engine, and return the ACF plugin.
Automattic and Mullenweg complied with the injunction ahead of the 72-hour deadline. Mullenweg expressed his opposition to the injunction, posting on X: “I’m disgusted and sickened by being legally forced to provide free labor and services to @wpengine, a dangerous precedent that should chill every open source maintainer. While I disagree with the court’s decision, I’ve fully complied with its order. You can see most changes on the site. They have access to ACF slug but haven’t changed it… must not have been the emergency they claimed.”
Earlier today, WP Engine published its 2024 year in review. While the blog post highlights the ACF team’s annual survey, it neglects to mention the plugin was taken over or that a free competitor is now available in the WordPress.org plugin repository.