465 points impish9208 | 28 comments
rmccue ◴[] No.42669910[source]
This isn’t unexpected; I’ve been deactivated on Slack since very early in this dispute, and later banned from the issue tracker as well. I’ve been contributing for 20 years to the project, am a committer, and built several large parts of WordPress including the REST API.

Matt is banning anyone who speaks out at all, even when they agree with points he’s made. A large group of contributors felt they had to make an anonymous statement from fear of the same retribution I suffered: https://www.therepository.email/core-contributors-voice-conc...

(I am a less active direct contributor these days, so I’m still able to contribute even while blocked - but many people’s livelihoods depend on it, as sponsored contributors.)

replies(6): >>42670355 #>>42670549 #>>42671273 #>>42672607 #>>42672957 #>>42673573 #
bachmeier ◴[] No.42670549[source]
Honest question from an outsider. WordPress is open source, so why hasn't the project been replaced with one that doesn't include him?
replies(3): >>42670594 #>>42670595 #>>42670601 #
1. troymc ◴[] No.42670601[source]
WordPress is a lot more than its core code. There's a whole ecosystem of plugins, for example, and the usual place to share them (wordpress.org/plugins) is, essentially, controlled by one guy. It's not so easy to fork that.
replies(1): >>42671504 #
2. econ ◴[] No.42671504[source]
Then start with a new place to share plugins.
replies(2): >>42672316 #>>42672367 #
3. magic_smoke_ee ◴[] No.42672316[source]
Exactly. It's a SPoF. Depending on ego and whims of a malicious tyrant is stupidity or insanity.
4. Timon3 ◴[] No.42672367[source]
The first people to take this step will most likely have their plugins stolen, just as Matt did with ACF. This means taking this step is a massive danger for the first contributors - those with the highest impact are those with the most to lose.
replies(2): >>42672449 #>>42680454 #
5. Ringz ◴[] No.42672449{3}[source]
What do you exactly mean with „stolen“? Honest question.
replies(2): >>42672582 #>>42673191 #
6. dalmo3 ◴[] No.42672582{4}[source]
He forked the plugin and pointed the original uri to his fork: https://news.ycombinator.com/item?id=41821400
7. Timon3 ◴[] No.42673191{4}[source]
Matt's company will fork your project, replace your original plugin listing and claim all your reviews as theirs, while also stopping you from distributing security updates to force people to switch to their fork.

Imagine if you make your money from selling your plugin, and Matt does this to you. Every WP plugin developer has to live in fear of this happening at any moment, and you can be certain it will happen if you show any kind of resistance towards Matt.

replies(2): >>42675683 #>>42684311 #
8. mysidia11 ◴[] No.42675683{5}[source]
I'd suggest guerilla-scraping the entire plugin site under the radar, unbeknownst to them. Go live with a new site that simply has all the same directory data as the existing site and additional mirror site links for each plugin, and create a process for plugin authors to claim the existing page in the directory.

Matt may be able to fork plugins, but they won't be able to fork every single plugin in the directory, as it isn't very feasible.

It also would then not necessarily be obvious to Matt which plugin listings in the new directory have been claimed, and which plugins are being updated by other people from the community.

replies(2): >>42676821 #>>42679070 #
9. Timon3 ◴[] No.42676821{6}[source]
Just scraping the site isn't quite enough. You'd also have to fork Wordpress to be able to use a plugin directory not under Matt's control, which is important for the average admin to quickly patch security-relevant issues.

But even when you do that, I'd expect him to just give people an ultimatum - either "officially" host on his plugin directory, or others, but not on both. You'd have to reach critical mass pretty much immediately, or Matt can bully the ecosystem into compliance.

replies(1): >>42679097 #
10. econ ◴[] No.42679070{6}[source]
Sounds fun. You would only have to provide listing editing if the plugin is not on the other site.

If anyone files a complaint and can prove ownership a redirect can be provided.

Could maybe perhaps train an llm on a plugin and have it assist making a free or not bloated version of some popular ones.

replies(1): >>42690820 #
11. econ ◴[] No.42679097{7}[source]
If that mass doesn't accumulate fast enough he is right and people want him to run things the way he does. It might look weird to me or others, they might even say the opposite but only one's actions count.
replies(1): >>42681118 #
12. gitaarik ◴[] No.42680454{3}[source]
What do you mean? If you create a neopress.org and host the existing open source plugins there, how can they be stolen?

Just the code of WordPress needs to be updated that the plugins are downloaded from the new URL.

It's not so hard.

replies(1): >>42681610 #
13. Timon3 ◴[] No.42681118{8}[source]
No, that's not how consent and preferences work. If someone has power over a group of individuals, and that group doesn't act due to threats, it's not confirming that they want to be controlled by that someone.
replies(1): >>42683329 #
14. Timon3 ◴[] No.42681610{4}[source]
Did you look at the other comments, where someone asks the same question, and I give an answer?
replies(1): >>42682915 #
15. gitaarik ◴[] No.42682915{5}[source]
Do you mean that your plugin can get stolen?

Well, you can ask plugin owners to upload a particular file with a particular key to their plugin on WordPress.org. That way they can prove they have access, and they should be allowed ownership of the plugin on the fork.

replies(1): >>42682998 #
16. Timon3 ◴[] No.42682998{6}[source]
No, that's not the "stealing" I'm referring to. Instead of guessing what I could mean, just read my response to the person who first asked what I mean with "stealing".
17. econ ◴[] No.42683329{9}[source]
They are to blame for his power. If someone else decided the time to act is now then they must choose now. The default is to not change anything.

I may ignore what people say and look what they do. I do this to make people angry :-)

What is the alternative? To tell people how sad it is they can't possibly anything ever? Why bother? Does more harm than good.

replies(1): >>42685331 #
18. gitaarik ◴[] No.42684311{5}[source]
Yeah you mean he takes control of the plugin on WordPress.org? But if we all move to a different domain, you don't have that problem?

Only problem is that existing WP installations would need to be manually patched to the new domain name. As long as users don't do that they'll still be in Matt's control.

But yeah, can't we create some bots that scan the internet for WP sites and send the webmasters an email informing the corruption going on inside WP and the option for them to move to the new community.

replies(1): >>42685416 #
19. Timon3 ◴[] No.42685331{10}[source]
You're completely ignoring that the individuals have a high risk when doing this, even more so when they are the first to take this step. It can often happen that individuals make choices to minimize risk, which lead to increased risk for the whole group. It's just game theory. But it sounds like you're ignoring this deliberately to make people angry, so I'll leave you with one last thought:

You're legitimizing Matt's bullying (by telling people "well, if you don't act counter to game theory and deliberately worsen your own standing, you obviously want to be bullied!") and thus actively telling people "they can't possibly anything ever". What you're doing does far more harm than good.

replies(1): >>42694427 #
20. Timon3 ◴[] No.42685416{6}[source]
If you could move all WP plugins & plugin developers to a different domain at once, sure, there's no problem! But unless you have a magic wand, this won't happen. Then the question is: can you move enough at once to clear the network effect?

If you cannot do that, every developer that moved with you potentially just lost their livelihood. That's the crux of it. There's no technical issue to solve here, it's purely a social and economical one.

replies(2): >>42690381 #>>42690950 #
21. gitaarik ◴[] No.42690381{7}[source]
Well it can still go gradually. First move the plugins, one by one. Then update the WP sourcecode to the new domain. Then update existing installations.
replies(1): >>42694717 #
22. bigiain ◴[] No.42690820{7}[source]
> Could maybe perhaps train an llm on a plugin and have it assist making a free or not bloated version of some popular ones.

And we are now back at the "having your plugin stolen" problem.

23. bigiain ◴[] No.42690950{7}[source]
Not that I think it's "the right thing to do", but WPEngine could almost certainly "move enough at once to clear the network effect".

They host a _lot_ of sites. They were forced by Matt to maintain a mirror of the .org theme/plugin repos. They could very easily come up with a list of plugins that'll allow 99% or 99.9% or more of WP sites to work. They 100% have the technical skills and the cashflow and the business case to do this. They could very easily build and deploy this, and donate it to a properly managed foundation - the way Wordpress.org _ought_ to be.

My guess is the only reason they haven't done it (or gone public with it if they're already building it) is because they're waiting for the lawsuit to give them most of Matt's and Automattic's money first.

24. econ ◴[] No.42694427{11}[source]
I suppose the only advice one can give are things one would do in that situation.

I've built many great popular things on other people's turf/platforms of which nothing remains.

I have a wp blog too since the beginning! We tried to rebuild our lost communities there. Then akismet started banning people for posting comments with links and I discovered it has no appeal mechanism.

Meet the new boss..

25. Timon3 ◴[] No.42694717{8}[source]
You are still ignoring the point I've brought up repeatedly: those who move first have the most to lose.

You act like moving gradually has no danger for the plugin authors. You've moved 5% of plugins over. Whoops, Matt stole their listings, and since you didn't reach critical mass nobody uses your WP fork which points to your new plugin directory.

You've just wiped out the livelihoods of 5% of plugin developers.

replies(1): >>42695144 #
26. gitaarik ◴[] No.42695144{9}[source]
I don't understand, you mean in the case that most people don't patch their WordPress installation, and keep getting updates from WordPress.org?

You have to move all installations to the new domain, but you don't have to do that in 1 day. You can create bots scanning the internet for WP installations and mail the webmaster and inform them about the corruption at WordPress and give them info how to patch their instance.

Matt would have to clone all the plugins and keep them up to date by copying the plugins from the new domain. But he would be risking a lawsuit for each plugin he does this with. Seems like a lot of work with a lot of risk.

replies(1): >>42695602 #
27. Timon3 ◴[] No.42695602{10}[source]
> You have to move all installations to the new domain, but you don't have to do that in 1 day.

YES, YOU DO! At least you have to move the majority of all installations day 1. I don't know why you keep repeating this.

Matt stealing a plugin isn't a theoretical issue. He has already done it. It has happened. I'm not constructing some unlikely scenario, I'm telling you what already occurred. WP plugins are GPL licensed, so there's no legal risk if he doesn't behave incredibly stupidly.

You keep throwing technical solutions against a social and economical issue. It doesn't work. There's no technical solution here.

Every plugin you move gradually is a livelihood you potentially destroyed. Can you at least acknowledge this?

replies(1): >>42695992 #
28. gitaarik ◴[] No.42695992{11}[source]
Oh yeah ok, I guess I did forget a bit the important detail that most WP plugin developers are making money from a subscription plan on the WordPress.org site. So yeah their income is basically tied to that domain name.

Yeah ok, that sucks pretty hard.

Ok, then what about DDOSing wp.org during the entire transition? Just an idea, maybe a bit crazy.