ACF Plugin no longer available on WordPress.org

This is particularly bananas as ACF is basically table stakes for doing anything beyond blogging. I’d assume most websites that make actual money are thoroughly dependent on it.

To twist the knife on a personal spat, Mullenweg just blew up uncountable businesses on a double-holiday weekend. At this point, seriously, fuck that guy.

They replaced ACF with a forked version so the functionality is still there. That doesn't excuse it but the situation is not so dire for users.

Asking for a friend... What's the migration path to a different plugin look like? Seamless? Better be duckin seamless

You don't need to migrate from ACF to a different plugin, you can still access ACF and received future updates indepedent of wordpress.org. See https://www.advancedcustomfields.com/blog/installing-and-upg...

There are examples of things breaking in this very comment section [1].

Given how widely used ACF is, it wouldn't be surprising to learn that a lot of weekends were ruined by the "fork".

[1] https://news.ycombinator.com/item?id=41830709

> This is particularly bananas as ACF is basically table stakes for doing anything beyond blogging.

Not sure about this.

I'd assume most Wordpress sites that make actual money are dependent on WooCommerce and Easy Digital Downloads, and maybe Gravity Forms/WP Forms for member subscriptions.

None of these are reliant on ACF, and there's any number of WP plugins like this that do the whole job of some website niche or other.

(I've been doing bespoke WP builds for at least a decade -- first one probably more like 14 years ago actually -- and I've not used ACF a single time. There has always been an alternative, and for a developer it's a bad choice.)

Either way: I don't think ACF's popularity is the major factor here. It's that it's an outright abuse.

The word "gaslighting" gets overused but it applies quite well to what ACF free plugin users are experiencing here.

As to "blew up": I am not sure how many money-making ACF users this has affected, because they tend to use ACF Pro, which is a separate download.

What appears to have been removed from ACF to make this shady SCF nonsense is the upsell marketing. Not sure what other breakage there would/could have been. I have seen people say things have broken but I suspect they are relatively minor issues caused by the actual ACF security patch which is also shipped here... because they haven't changed much.

Though if Secure Custom Fields is getting the blame for the breakage, that's kismet, karma, whatever you want to call it.

Looking at the code, it's not clear to me how much has broken because of the fork, and how much has broken because of the "secure context" security patch that ACF have apparently also applied in their own version.

That is, I think some of these things might have broken even with the real ACF.

The main change appears to be that if a developer has used a built-in wordpress function as a filter hook (rather than a user-defined one), that has been blocked. (This has never been a good idea, anyway; developers should not do it.) Also a filtered version of the POST variables has been passed to the callback. These are both seemingly to stop CSRF attacks.

This patch was necessary; it prevents CSRF and potentially other nasties.

I don't mean to excuse any of the other bullshit; I'm just saying that if there are "breakages" here, they are likely to do with the necessary patch that is hidden inside the gaslighting.

Fair enough. My info might be a little out of date from my web agency chop shop days, but I do recall that for essentially any substantial site it was assumed from day 1 that it would involve an ACF install. Probably integrated it into… fifty(?) websites over the years. I don’t recall the value prop of Pro, and I actually don’t think I ever touched it myself.

Biggest value prop of Pro (for me, anyway) was the Repeater field, which lets you add a collection field.

I don't think GP's distinction of "websites that make money" == "online stores" is accurate or meaningful. I use ACF on every website, my clients are money-making businesses. Only a couple of them are running WooCommerce (and those are running ACF as well).

Nothing about running a business on WordPress makes WooCommerce and ACF mutually exclusive.

Counterpoint. Just have a look how many times ACF is mentioned (for example) in this thread [0]. ACF is massively popular. The fact you've never used it, for as long as you've been involved, is extraordinarily rare. I'm really surprised to hear you say that (but good for you if you've got the time and chops to never resort to it! That's awesome).

https://www.reddit.com/r/Wordpress/comments/1cc0aor/what_are...

I might be wrong, but as best I can tell from some quick searching, ACF is the most mentioned.

I used to be at a website vendor house where we managed/built about 120 midsize websites (over awhile).

All of them used ACF for custom article types, testimonial types, carousels, and other random one-off “content-types”

Not trying to debate against you, just adding that wordpress usage is so wide

There are plenty of uses for WordPress for marcom sites for Fortune 500 brands that don't use those sites for transactional revenue, but they serve millions of impressions a month that rely on ACF. This is a supply chain attack. The security discussions with client IT groups happening this week are going to be a much bigger deal than they were last week.

The erratic and bizarre behavior of the BDFL that runs WordPress and Automattic has proven himself untrustworthy and is causing massive damage to the WordPress ecosystem.

Tell your friend to get ready to jump to the next thing.