The ongoing dispute between WP Engine and WordPress (Automattic) presents notable risks for organisations using WP Engine for hosting. The following is Rocca’s summary of the situation and our estimation of risk for users of both platforms. We’ll update this platform as matters unfold.

The conflict stems from WordPress’s claims that WP Engine is exploiting its platform without proper licensing and contributions back to the open-source project. This led to WordPress temporarily blocking WP Engine’s access to key services, such as plugin and theme updates, which caused frustration among WP Engine’s customers.

The core issue involves WordPress demanding that WP Engine pay 8% of its revenue or contribute in other ways, which WP Engine has resisted. WP Engine, backed by private equity, has responded by filing a lawsuit accusing WordPress’s leadership of extortion and unfair competition. The situation remains unresolved, with potential service disruptions for customers depending on WordPress features, particularly if the blockages resume.

For clients using WP Engine, the risk includes:

1. Downtime or functionality issues: Updates to themes and plugins might be delayed, increasing security vulnerabilities.
2. Lawsuit-related uncertainties: Continued legal battles could strain WP Engine’s resources and lead to reduced service quality.
3. Lack of future WordPress support: If the situation escalates, WP Engine could face permanent disconnection from WordPress resources, forcing clients to migrate or adapt to a less integrated platform.

From a statistical risk profile, the major concerns would revolve around service reliability, security vulnerabilities, and potential migration costs.

While WP Engine is taking legal steps to protect its customers, the dispute underscores the need for clients to evaluate contingency plans, such as diversifying hosting providers or preparing for potential migrations if the situation worsens.

The risks for Wordpress users:

The continued use of WordPress in light of Automattic’s increasingly aggressive behavior, particularly regarding its dispute with WP Engine, presents some risks for users dependent on the platform.

These risks arise from Automattic’s dominance over the WordPress ecosystem and its recent shift towards more stringent enforcement of licensing agreements. Here are key risks to consider:

Centralisation and Control: Automattic’s actions suggest a move to centralise control over the WordPress ecosystem, which could undermine the decentralised, open-source nature of the platform. Users and hosting companies reliant on WordPress could face higher costs or restrictions if Automattic continues to demand financial contributions or exert control over plugins and updates.

1. Vendor Lock-in: Given WordPress’s dominant market share, Automattic’s aggressive stance could lead to a scenario where users and developers are locked into its ecosystem, limiting their ability to freely innovate or move to alternative solutions without significant cost or effort. This creates dependency risks, especially for users building businesses on the platform.
2. Legal and Financial Uncertainty: Automattic’s aggressive pursuit of licensing fees and potential legal action against major hosting providers could trickle down to affect smaller businesses and users who may find themselves caught in the crossfire. This could increase legal risks and potentially lead to disruptions in service if hosting providers are cut off from core WordPress services
3. Erosion of Open Source Values: Automattic’s commercialisation of WordPress, as seen in its disputes with WP Engine, is a departure from traditional open-source principles. This could alienate developers and contributors who are motivated by the collaborative nature of open-source projects, potentially leading to reduced innovation and community support
4. Security and Update Delays: In disputes like the one with WP Engine, where Automattic restricts access to critical updates, security vulnerabilities may go unpatched, putting websites at risk. Users reliant on managed hosting providers that find themselves in Automattic’s crosshairs could experience these issues more directly

Continued use of WordPress carries growing risks related to control, legal uncertainty, and potential disruptions in service. Users should consider diversifying their CMS strategies or evaluating hosting providers’ ability to remain resilient in the face of Automattic’s actions.

We'll update this content in the light of new developments in this issue. Please reach out to us directly if you have any questions or concerns.