WP Engine vs Automattic timeline (Sept 2024 → ongoing) — open-source has centralized choke points

Claim: A vendor dispute between WP Engine and Automattic (Matt Mullenweg) demonstrated that even "open source" platforms have centralized distribution choke points that can be weaponized.

Timeline:

• September 2024 — Mullenweg calls WP Engine a "cancer to WordPress" at WordCamp US.
• October 2, 2024 — WP Engine files suit in U.S. District Court for Northern District of California, Case No. 3:24-cv-06917-AMO.
• October 12, 2024 — WordPress.org forcibly takes over the Advanced Custom Fields plugin (WP Engine property, >2 million installs), renaming it "Secure Custom Fields" without WP Engine's consent. See ACF → SCF forced fork (Oct 12, 2024) — first unilateral plugin takeover in 21-year WordPress history.
• December 10, 2024 — U.S. federal court grants WP Engine preliminary injunction ordering Automattic to restore access.
• January 10, 2025 — Automattic cuts weekly WordPress core contributions from 3,988 hours to 45 hours (TechCrunch), matching what Mullenweg said WP Engine contributed.
• September 12, 2025 — Court dismisses antitrust/extortion claims but allows defamation, interference, CFAA, and UCL claims to proceed.
• October 23, 2025 — Automattic files 162-page counterclaim.

Sources: TechCrunch (multiple); The Verge; Courthouse News; Bloomberg Law; PPC.land.

Confidence: Verified. Case is in motion through 2026; details should be cited "as of [date]."

Lesson for Candid clients: WordPress's openness is real at the code level (GPL license) and conditional at the distribution level (wordpress.org repository, plugin update channels, trademark enforcement). The argument that "WordPress is safe because it's open source" is incomplete — the safe part is the code; the unsafe part is the distribution infrastructure. See also BlackRock marks down Automattic shares 67.4% to $27.74 (June 30, 2025) — financial signal of dispute cost for the financial signal.