Is WordPress.org Breaching the GPL with their latest SCF Plugin?

There has been some noise in the WordPress space in the past few months, kicked off by one of the WordPress co-founders, Matt Mullenweg, deciding to wage a one-man war against one of the biggest hosts in the WordPress space, WP Engine – or more specifically, one of their investors, a partnership called Silver Lake.

If you read my blog for a long time (I know you didn’t) you will remember I wrote about WP Engine’s investor, Silver Lake, in passing, when they bought a piece of Manchester City a few years ago.

Nevertheless, and all that aside, probably the thing which has got WordPress plugin and theme developers the hottest under the collar have been some of the tactics Matt and his team have deployed in this battle, one of which has been to kick WP Engine staff (and anyone affiliated to them) off WordPress.org (which he has confirmed is “his personal website”) and then to take over the popular plugin, Advanced Custom Fields, and call it Secure Custom Fields.

A week or so ago, over at WordPress.org, they went further, and added a second Secure Custom Fields plugin, only this one also included features from the ACF Pro plugin.

Both the free version of ACF and the pro version are owned by WP Engine, having been purchased in the last few years from the business Delicious Brains, who in turn bought it from the original developer, Elliot Condon.

This “takeover” of the ACF plugin has been claimed by a great deal of developers to be against the spirit of open source. But many also are claiming it is in fact also unlawful, and a breach of even the permissive GPL license.

Is it unlawful?

Is WordPress.org Breaching the GPL with their latest SCF Plugin? image 1

Well, the answer here lies in one word: attribution. In order to clarify this, I got a LLM (not a master of law, a large language model) to summarize the reasons why. ChatGPT is neutral, right?!

I asked it the question posted by this user on Twitter:

In GPL you can do what you like if you leave attribution intact, right… So is the below statement true (and why)?

“Basically, changing the Author and Author URI headers in the acf.php file is against GPL.”

The statement is true because the GNU General Public License (GPL) explicitly requires maintaining proper attribution to the original authors of the software. Here’s why:

  1. GPL Attribution Requirements:
    • The GPL grants users the freedom to modify, distribute, and use software, provided they comply with the license’s conditions.
    • One of those conditions is retaining the copyright notice and attribution to the original authors, typically found in the source files.
  2. The Author and Author URI Headers in acf.php:
    • In WordPress plugins, the Author and Author URI headers are part of the metadata that informs users about the original author of the plugin.
    • Altering these headers to remove or misattribute the original author effectively violates the GPL because it removes the acknowledgment of the original creator’s work.
  3. Why This Violates the GPL:
    • Modifying the headers to erase or misrepresent the original author’s identity is considered misattribution.
    • The GPL explicitly states that all copies or modified versions distributed must carry proper attribution and licensing terms, preserving the original author’s credit.
  4. What is Allowed:
    • You can modify the software however you like for personal use.
    • If you redistribute the modified software (even privately), you must:
      • Include the original license.
      • Attribute the original authors.
      • Provide access to the source code under the GPL.
  5. Practical Implications:
    • Changing the Author and Author URI headers misleads users into believing the software was created by someone else, breaching the spirit and the letter of the GPL.

Conclusion:

Changing the Author and Author URI headers in a file like acf.php is against the GPL because it removes attribution, violating the license’s terms. You must leave attribution intact when redistributing or modifying GPL-licensed code.

My Conclusions

It’s important to note that this has not, yet, been tested in court. Because GPL is a permissive license, the penalty for any breach is difficult to quantify. It’s therefore just ChatGPT’s opinion, until a court rules on this.

What do you think? Was Matt and wordpress.org (the same thing!) breaching GPL with the hostile takeover of Advanced Custom Fields and ACF Pro? Leave your thoughts in the comments box below. I might even publish them.

Leave a comment