The drama in the WordPress community continues to unfold as Automattic has banned WP Engine from accessing WordPress servers and resources. WP Engine users also won’t receive any plugin updates, making all websites and users relying on the hosting service vulnerable to cyber attacks.
Automattic claims the move comes in response to WP Engine altering a core WordPress feature to its advantage and blocking the dashboard’s native news widget on any sites using the hosting service to prevent WordPress’ criticism of WP Engine from reaching its users. According to WordPress’ statement:
WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free.
The block is the latest development in the ongoing conflict-turned-legal dispute between the two companies. Given how frequently security vulnerabilities are discovered within WordPress plugins and themes, blocking access to updates leaves WP Engine users in a precarious position. WordPress has also placed all responsibility for addressing security issues on WP Engine.

While WordPress itself is free and open source, its plugin market has flourished over the years with both paid and free options. Paid WordPress plugins and service providers have built quite the business out of the platform, but WordPress feels it’s being taken advantage of, and the CEO of its parent company, Automattic, made it quite clear.
WP Engine had sent a cease-and-desist letter to Automattic after the latter’s CEO Matt Mullenweg publicly criticised the hosting provider for profiting off of the WordPress open-source project and not giving enough value back. Mullenweg went as far as calling WP Engine a “cancer to WordPress” during a public event.
Only a day after receiving WP Engine’s cease-and-desist letter, Automattic responded with its own, demanding compensation for WP Engine’s profits generated through the use of these trademarks and threatening legal action if the matter was not resolved.
In any case, a quick resolution to the situation remains unlikely. In the meantime, WP Engine users might start considering alternative hosting options, especially considering the risk they’ve been exposed to, just because two companies have decided to duke it out in the open.
In the News: India’s Enforcement Directorate busts $47.6M Fiewin app gaming scam