The Advanced Custom Fields (ACF) plugin will continue as Secure Custom Fields to “remove commercial upsells and fix a security problem.”
Forking ACF and taking over the plugin on WordPress.org is a new move by WordPress founder Matt Mullenweg, who is in conflict with WP Engine, the hosting provider behind ACF. This plugin allows users to customize their edit screens. According to Mullenweg, however, we are in a situation that has not occurred on this scale before. “This is a rare and unusual situation brought on by WP Engine’s legal attacks, we do not anticipate this happening for other plugins,” the WordPress founder said.
The ACF team responded on X on WordPress’ action to take control of the plugin. “A plugin under active development has never been unilaterally and forcibly taken away from its creator without consent in the 21 year history of WordPress,” ACF said.
Security
Mullenweg refers to the steps taken by the ACF team. In early October, ACF announced it would now offer updates directly through its own website. WP Engine also introduced its own solution for updates to plugins and themes, renouncing WordPress update services. The content management system sees this as problematic, as it may cause websites to miss important security updates.
Although both parties interpret the situation differently, WordPress refers to its guidelines. These explicitly state that the platform has the right “to disable or remove any plugin from the directory, even for reasons not explicitly covered by the guidelines..”
Tip: New director for WordPress.org after walking away from old one