WP Engine Sues WordPress for Libel, Extortion

WP Engine, a major web hosting provider, has filed a federal lawsuit against WordPress [PDF] co-founder Matt Mullenweg and Automattic, alleging libel and attempted extortion. The suit stems from a public dispute over WordPress trademark usage and open-source licensing.

WP Engine, which hosts over 200,000 websites, accuses Mullenweg and Automattic of "abuse of power, extortion, and greed." The conflict escalated after Mullenweg called WP Engine a "cancer to WordPress" on his blog, prompting a cease-and-desist letter. Automattic subsequently demanded 8% of WP Engine's monthly revenue as royalties for alleged trademark infringement. The lawsuit includes 11 complaints, ranging from slander to violations of the Computer Fraud and Abuse Act.

Third opinion

[CEC-P]

As a former web UI designer and web developer, I hate them both. They're garbage and a complete and utter stain on the internet. They make generic garbage websites and let unqualified people run the whole website project into the ground while getting their email accounts hacked to send out phishing scams. You know, instead of hiring a professional web design firm to do it, who probably also is some dumb 20 year old with no college degree who also uses wordpress and thinks scaling an image while changing the aspect ratio is just fine and doesn't know what JPG encoding levels even is.

Re:

[drinkypoo]

I'm going to join in with you here and at least one of us will be downmodded, probably me. Even without adding questionable addons, Wordpress is a security shitshow. For example, there have been numerous SQL injection and XSS vulnerabilities in the WP core.

Cites: https://patchstack.com/databas... [patchstack.com]

Re:

[whoever57]

That link doesn't provide the support for your argument that you claim.

A casual look at it shows that WP plugins are a security shitshow.

It's true that WP has had its share of security issues in the past, but I think that recently, it has been much better.

Re: Third opinion

[Midnight_Falcon]

One of the things wp engine does is monitor for plugins with vulnerabilities and automatically disables blacklisted ones with issues. As to why this couldn't be done by core WordPress..it's a laissez-faire attitude. Unfortunately expecting a bunch of amateur web admins to implement security best practices is what led us to this understanding WP is a security shit show.

Re:

[BringsApples]

I just want everyone in the upline here to know that you're next for this libel lawsuit.

Re:

[drinkypoo]

That link doesn't provide the support for your argument that you claim.

Tell us you couldn't figure out how to operate the site without telling us.

A casual look at it shows that WP plugins are a security shitshow.

You have to click twice to see only core vulnerabilities. HTH, HAND.

Ah yes, there is the downmod

[drinkypoo]

For some reason there are literally always people with modpoints who reliably defend WP against "attacks", AKA sharing facts about it.

I can only conclude that they are not only WP devs, but also personally responsible for it being trash software.

What's weird to me is that it is among the least secure CMSes, even though it is arguably the most popular CMS. The conventional wisdom is that many eyes improve security, but there must be something at WordPress which prevents that from occurring.

Drupal used to hav

Re:

[Revek]

I don't disagree but you have to consider the reason why wordpress gets compromised so much is because of its popularity. No one is trying to hack some fringe framework.

Re: Third opinion

[drinkypoo]

Drupal is the basis for over 50% of the government websites in the world. You think nobody is attacking those?

Re:

[cstacy]

scaling an image while changing the aspect ratio is just fine and doesn't know what JPG encoding levels even is.

How you even know you got JPG encoding levels, kid?

a childhood memory [youtube.com]

Re:

[rabbirta]

I thought this line was funny too -- there's no such thing as JPEG encoding levels, AFAIK.
There's JPEG COMPRESSION levels, maybe that's what they meant?


https://blog.naver.com/xhakti/... [naver.com]
https://www.mylargescale.com/t... [mylargescale.com]


The only two references to that phrase I can find, and the primary is from a non-english blog.

Re:

[bradley13]

Welcome to modern IT. There is such a huge demand for software (and I loosely include websites as software) - there just aren't enough competent IT people to produce it all. There is the flip-side as well: what top-notch IT person wants to produce endless crappy websites? Hence, you get tools like WordPress that let marginally competent people produce stuff.

Why WordPress a mess? It is designed to let basically anyone do basically anything, either directly, or with any of a zillion plugins. There is no way

Re:

[smooth wombat]

There is no solution to this problem. It is just inevitable...

I'm presuming the KISS principle isn't an option? We have to have the most convoluted, jazz-fangled software/web sites imaginable.

This is like people complaining the touchscreens in their vehicles are a pain to use. Apparently there's no way to correct this situation.

Re:

[unrtst]

there just aren't enough competent IT people to produce it all.

Oh, there are enough of them. There just aren't enough competent IT people WILLING to produce all that garbage for next to nothing.

What I used to think was unacceptably awful output from MS FrontPage would look lightweight and clean compared to most of those WP sites (where you must consider both the backend code, frontend, and the javascript in the middle). I wouldn't go so far as to say that such things have a right place and right time, but there's certainly a market for it.

Re: Third opinion

[jasonw61]

Why exactly would you not want a tool, that it lets marginally qualified people, make websites?

You are not making any sense.

Re:

[drinkypoo]

Wordpress and Drupal are terrible

Conflating Wordpress and Drupal is terribly ignorant.

Drupal has a far superior security record.

Re:

[rickb928]

"'scaling an image while changing the aspect ratio is just fine and doesn't know what JPG encoding levels even is."

Um, I've known all that since around 1995. I'm not an expert, no college, no training except my own self-taught.

So the experts, professionals, for so long, were designing web pages more than 18700 pixels tall, when common monitors were 800x600, and 1024 monitors were pricey and uncommon. Forcing most visitors to scroll to see the SUBMIT button just to accept the TOS/EULA agreements and actually

Re:

[jonadab]

Eh, I'm not a huge fan of WordPress either, but at least its output can be meaningfully styled with CSS, and can reflow reasonably when the browser window is a different width. The real cancer in web design is those horrible PrintShop-esque prefab website services (Wix, SquareSpace, etc.)

Re:Third opinion

[mysidia]

As a former web UI designer and web developer, I hate them both.

Wordpress solves a problem. So unless you have a better solution to that problem which is not massively more expensive (such as requiring people familiar with handcoding HTML, CSS, and JS to build websites), and is not massively more limited (Such as not capable of doing what wordpress can do to the same extent with the same ease for its userbase): The existence of Wordpress is a net positive for the internet as it makes things better for Wordpress' users, and the visitors to their websites.

Re:Third opinion

[garett_spencley]

Name one good piece of furniture that would not exist if people had to know how to use a hand plane to make one.

The person you're replying to made a point that Wordpress is a tool and that it serves the needs of its users, who have unique and varied requirements.

But us engineer types LOVE to argue about which tools are superior.

It's true that Wordpress has been plagued with security issues over the years. That's a valid strike against Wordpress.

But it has also lowered the barrier of entry for people creating websites. People are unique and varied and have their own unique and varied circumstances. Maybe a non-tech person is starting a small business, has done a bit of dabbling and doesn't have the budget to hire someone and just needs a simple home page to post contact information for that business.

You probably wouldn't consider this website to be "good", but that's not even relevant. If it serves the needs of that hypothetical business owner, that's all that matters.

The question then becomes, who the fuck are you or I or anyone else to tell them what is the "right" way to go about doing that?

And yeah there are services like Wix out there now that can fill that void probably better. But it's just a different tool and every tool has its tradeoffs just like every user has their own requirements.

Re:

[thegarbz]

You don't get to arbitrarily decide if a Scotsman is true based on their kilt. Your criteria of "good" is already worthless.

Re:

[drinkypoo]

Wordpress solves a problem. So unless you have a better solution to that problem which is not massively more expensive (such as requiring people familiar with handcoding HTML, CSS, and JS to build websites), and is not massively more limited

It is called Drupal.

They have had far fewer vulnerabilities in the core, and in the popular modules. Today this is in large part because it is based on the Symfony framework, so they don't have to do that part.

The existence of Wordpress is a net positive for the internet

False. If it didn't exist, most of the people who use it would use Drupal, which is more secure.

Re:

[thegarbz]

Sorry but no. Having used both, one is a single click away, the other requires actual knowledge. They are not the same. There are many people who rely on Wordpress. Heck even me as a tech head could setup Wordpress on my hosting provider *LITERALLY* with a single click, but Drupal would be far more complex.

Re:

[drinkypoo]

Sorry but no. Having used both, one is a single click away, the other requires actual knowledge. They are not the same.

You do not need to know shit, because if you do not know shit, you just go to a hosting provider who does the installs for you like most of them do.

Heck even me as a tech head could setup Wordpress on my hosting provider *LITERALLY* with a single click, but Drupal would be far more complex.

Me as a tech head could set up Drupal on my hosting provider *LITERALLY* with a single click. They have a facility for that. Are you new?

Re:

[nicubunu]

Drupal is so much less friendly that if it was the most used platform, there Web would be significantly smaller (a net negative). Now, if you think a smaller web would be beneficial, how can I argue?

Re:

[mysidia]

It is called Drupal.

They have had far fewer vulnerabilities in the core, and in the popular modules.

It seems that Drupal is not actually an alternative to Wordpress for the basic problem of providing an easily installable system with an intuitive User-friendly UI for non-technical users to build and deploy blogs and simple websites.

I would point out that Wordpress came to fruition years after Drupal released. If Drupal had solved the problem, then people would likely have already been using Drupal

Re:

[Targon]

The thing that strikes me is that you have WP Engine that uses WordPress as the core of what it offers to its customers/clients, but then decides to start saying how horrible WordPress is. Now, it makes some sense for WordPress to tell WP Engine, "Well, you don't like what we provide, so, fuck off!", then WP Engine suddenly realizes that without WordPress, their business is GONE.

When you are taking something and making a business based on what you are taking, going public and saying how much you dislike t

Re: A complete sh*t show in the making

[RazorSharp]

When did WP Engine publicly trash WordPress?

Re:A complete sh*t show in the making

[Dracos]

This is a fight between a turd and a slightly polished turd.

They both need to be flushed.

My giveacrap-o-meter is reading below 0

[acroyear]

Seriously, this isn't as fundamental an argument as, say, SCO v Linux or the Java/Javascript trademark issue, or even deno v node. It doesn't need the daily attention on /. that the mods seem to be giving it.

Re:

[fleeped]

You want more AI stories I suppose? Count your lucky stars that we still get some non-AI non-Apple/Google/Meta/Amazon stories

Re:

[thegarbz]

It doesn't need the daily attention on /. that the mods seem to be giving it.

At the core is an issue of a potential GPL violation. This story qualifies more for this audience (or at least this audience with a sub 7 digit UID) than most of the drivel posted here these days.

But further down is a story of Paypal making a transaction with a stable coin (whooopediefuckingdoo) if that tickles your loins more.

All of this...

[peterww]

because one dude didn't like that a completely separate company wasn't enabling version control in its customers' web pages

JFC. How about you just make a marketing campaign that *your* company is superior because it has versioning? Rather than get into a pointless legal battle?

This could turn into a wild ride...

[DeplorableCodeMonkey]

WordPress.com is a commercial entity. WordPress.org is a non-profit. Both of them are run by the same guy, Matt Mullenweg. From the outside, it does not appear that there is a meaningful separation to prevent a conflict of interest like this where the .org is being used as a weapon to defend the .com side.

IANAL, but Mullenweg could be starting to crack open Pandora's Box for his side by weaponizing a non-profit to materially benefit a for-profit entity he owns a substantial share in and runs.

To my knowledge, WP Engine is not accused of any sort of GPL violation. Literally their whole "evilnness" is being too competitive at hosting services without contributing what Mullenweg thinks is "their fair share."

I would be very curious to know if Mullenweg has the kind of legal team that can look at the situation holistically and tell him if he's truly safe or inviting a bloodbath from state and federal regulators over misuse of the non-profit.

Re:

[thegarbz]

To my knowledge, WP Engine is not accused of any sort of GPL violation.

Correct, he's accused of trademark dilutement, by offering a locked down product based on the original code. That was the complaint. Go read it, we've only run multiple slashdot stories on it so far.

and tell him if he's truly safe or inviting a bloodbath from state and federal regulators over misuse of the non-profit.

There is nothing about being a non-profit that prevents you also running a for profit entity in the same line of business. This is something they've been doing for 20 years now, they'll be fine on this front.

Re:

[chirino]

The WPEngine trademark has been in use for like 10 years. They never enforced the trademark before on them. As far as I'm concerned, WordPress has failed to protect the 'WP' as a mark and have lost that. They better be careful, because they might also loose the Wordpress mark too if it's shown they did not aggressively protect that one either. IANAL.. just my 2 cents. Remember these all use to be trademarks: Aspirin, Escalator, Thermos, Yo-Yo, Zipper, Videotape, Trampoline

wordpress is toxic garbage

[awwshit]

Between the security issues in the core and the security issues in the endless plugins, wordpress is garbage. Our Marketing group uses outside help for the web site and they demand wordpress. I run it at a hosting provider I don't care about and the website stands completely alone in the world. I keep that toxic garbage as far from everything else as possible, just a matter of time before compromise.