Uncertain future for WordPress leaves law firm websites exposed
The conflict threatening WordPress stems from legal actions and disputes, primarily between WordPress co-founder Matt Mullenweg, Automattic, and WP Engine. Mullenweg is the CEO of Automattic, the company behind WordPress. WP Engine is a managed WordPress hosting company and owner of the most prevalent WordPress plugins used in almost all WordPress installations.
The ongoing legal battles, retaliatory actions, and community division have created an environment where the future of WordPress is uncertain, prompting users to consider alternative platforms. Law firm websites are at risk due to concerns ranging from reduced investment in core development to supply-chain attacks to the potential for security updates for WordPress or its plugins to be withheld or delayed.
“The lawsuits will go years and could potentially bankrupt me or force the closure of WordPress.org” - Matt Mullenweg @photomatt, Jan 13 via X
Key Issues Driving the Conflict:
- Lawsuits and Legal Battles: The conflict started when Mullenweg demanded money from WP Engine to use the WordPress trademark. Since then, WP Engine has filed a lawsuit against Automattic and Mullenweg in response to what they described as attacks against WP Engine. Mullenweg has stated that these lawsuits could lead to the closure of WordPress, bankrupt him, and have significant financial implications for Automattic.
- Retaliatory Actions: Mullenweg has taken retaliatory actions toward WP Engine, including blocking it and its customers from accessing the WordPress.org repository. Many members of the WordPress community have expressed concern about Mullenweg's actions, citing a lack of stability, transparency, and collaboration. Mullenweg owns the central repository for WordPress updates, themes, and plugins, giving him control over the WordPress ecosystem.
- ACF Plugin Takeover: Mullenweg's actions included taking over the Advanced Custom Fields (ACF) plugin, which WP Engine owns, and rebranding it as Secure Custom Fields, with the paid features of ACF Pro added. It’s worth noting that WordPress as a website solution is practically useless without ACF or SCF, as these plugins allow users to add custom fields to their WordPress website beyond the standard options. Some in the community viewed this as a supply-chain attack. Forking the code on this critical plugin into multiple factions will make supporting WordPress installations and their myriad plugins even more difficult.
Ramifications For Your Law Firm’s Website
The Panama Papers, the largest data leak of its type in history, leaked 11.5 million documents detailing financial and attorney-client information for nearly 215,000 offshore entities. This leak was ultimately attributed to WordPress and Drupal security vulnerabilities in Mossack Fonseca’s website. Resolving such security vulnerabilities requires an actively developed software package that its developers fully support.
Already, this latest conflict has led to security concerns and maintenance challenges for WordPress users, such as:
- Security Risks: The conflict has led to several situations that have created potential security risks for WordPress websites:
  - Blocked Access to Updates: WP Engine customers were temporarily blocked from accessing the WordPress.org repository, which means they could not automatically install plugins or themes, update plugins or themes, or update WordPress itself, including vital security patches.
  - Vulnerability Disclosures: Automattic's public disclosure of an unpatched vulnerability in the Advanced Custom Fields (ACF) plugin without providing specific details created a climate of uncertainty about safety. Furthermore, Mullenweg's takeover of the ACF plugin, its rebranding to Secure Custom Fields, and the addition of paid features from ACF Pro are causes for concern. The situation surrounding plugin updates and ownership is unstable.
  - Data and Privacy Issues: The WordPress Update API has been called into question, and there are concerns about the internal website information that is being sent to WordPress.org periodically by the software itself. Also, Automattic's release of a list of WP Engine clients' sites, which included local and staging domains, is a significant privacy breach.
- Disruption of Community Support: The conflict has fractured the WordPress community, leading to a lack of collaboration and trust:
  - Banned Contributors: Several core contributors and community figures have been banned from the official Slack and blocked by the official WordPress Twitter account, limiting the available support pool.
  - Reduced Contributions: Automattic's decision to reduce its sponsored contributions to the WordPress project means reduced product development, testing, and feedback. Many key contributors have left the WordPress project, which will negatively impact the quality of future releases.
- Instability and Uncertainty: The most significant ramification is the general instability and uncertainty within the WordPress ecosystem.
The ongoing legal battles, retaliatory actions, and community divisions have created an environment in which the future of WordPress is uncertain. This concern is magnified by how long a law firm keeps its website, which is typically 5-10 years.
Why a Purpose-Built Solution May Be a More Stable Choice
Given the turmoil surrounding WordPress, a more stable and reliable solution for the legal marketing profession might be to use software purpose-built for that sector, such as RubyLaw. Here's why:
- Purpose-Built Functionality: RubyLaw is designed specifically for the needs of legal marketers, which means that it includes features and workflows better suited to legal marketers’ needs. It's not a general-purpose CMS that must be customized for legal, and it doesn’t require dozens of third-party plugins that significantly increase your security, privacy, and maintenance risks.
- Reduced Exposure to WordPress Conflicts: By moving away from WordPress, legal marketers can avoid the instability and conflict surrounding the WordPress ecosystem. The future of WordPress is uncertain due to the ongoing legal battles, so a more focused solution will provide stability in the long run.
- Open Source Foundation: Like WordPress, RubyLaw is based on an open-source ecosystem. This means you still have the benefits of transparency, collaboration, and community-driven development, but with an architecture built on Node.js and a more mature foundation.
- Proven Track Record: RubyLaw has more than 20 years of experience providing reliable and consistent solutions, and as part of Banyan Software, has the resources for long-term stability and management expertise to continue supporting and enhancing RubyLaw for another 20 years. RubyLaw provides more dependable and stable software than an ecosystem with frequent conflicts and instability.
By choosing a purpose-built solution like RubyLaw, legal marketers can focus on their core objectives without being disrupted by the issues plaguing WordPress.
RubyLaw has migrated dozens of WordPress blogs and websites to our purpose-built legal marketing platform.