{"id":5118,"date":"2024-09-27T10:27:23","date_gmt":"2024-09-27T16:27:23","guid":{"rendered":"https:\/\/www.whitefirdesign.com\/blog\/?p=5118"},"modified":"2024-09-27T10:27:23","modified_gmt":"2024-09-27T16:27:23","slug":"wp-engine-isnt-hacking-wordpress-it-is-using-functionality-that-wordpress-provides-as-intended","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2024\/09\/27\/wp-engine-isnt-hacking-wordpress-it-is-using-functionality-that-wordpress-provides-as-intended\/","title":{"rendered":"WP Engine Isn\u2019t Hacking WordPress, It Is Using Functionality That WordPress Provides as Intended"},"content":{"rendered":"<p>Right now the head of WordPress, Matt Mullenweg, is doing a lot of damage to everyone else that is involved in WordPress. The direct cause of this is that he is trying to <a href=\"https:\/\/wpengine.com\/wp-content\/uploads\/2024\/09\/Cease-and-Desist-Letter-to-Automattic-and-Request-to-Preserve-Documents-Sent.pdf\">extort a competitor<\/a> of his for-profit company Automattic. One of his tactics that has been successful in tricking some people that are not familiar with how WordPress works, is claiming the competitor is hacking WordPress to do things it shouldn&#8217;t do.<\/p>\n<p>In one post on WordPress&#8217; website, he described that hacking this way:<\/p>\n<blockquote><p><strong>What WP Engine gives you is not WordPress<\/strong>, it\u2019s something that they\u2019ve chopped up, hacked, butchered to look like WordPress, but actually they\u2019re giving you a cheap knock-off and charging you more for it.<\/p><\/blockquote>\n<p>In a follow up post, he put it this way:<\/p>\n<blockquote><p>WP Engine is free to offer their hacked up, bastardized simulacra of WordPress\u2019s GPL code to their customers, and they can experience WordPress as WP Engine envisions it, with them getting all of the profits and providing all of the services.<\/p><\/blockquote>\n<p>But if you look the two supposed hacks, it turns out that WordPress is actually intended to do be able to do those things. So WP Engine isn&#8217;t hacking anything at all.<\/p>\n<h2>Revisions<\/h2>\n<p>The first &#8220;hack&#8221; involves limiting or disabling post revisions. Here is how he described that:<\/p>\n<blockquote><p>WordPress is a content management system, and the content is <em>sacred<\/em>. Every change you make to every page, every post, is tracked in a revision system, just like the Wikipedia. This means if you make a mistake, you can <em>always<\/em> undo it. It also means if you\u2019re trying to figure out why something is on a page, you can see precisely the history and edits that led to it. These revisions are stored in our database.<\/p>\n<p>This is very important, it\u2019s at the core of the user promise of protecting your data, and it\u2019s why WordPress is architected and designed to never lose anything.<\/p>\n<p><strong>WP Engine turns this off.<\/strong><\/p><\/blockquote>\n<p>If you were to do a search to see how to disable revisions yourself, one page you might then go to is a <a href=\"https:\/\/jetpack.com\/blog\/wordpress-revisions\/\" rel=\"nofollow\">page<\/a> on the website&#8217;s for one Automattic&#8217;s businesses, which provides this explanation on how to do this, which starts this way:<\/p>\n<blockquote><p>Although revisions are enabled by default in WordPress, you can easily disable them by taking similar steps to the ones discussed above. To disable WordPress post revisions, you\u2019ll need to modify the <em>wp-config.php <\/em>file.<\/p>\n<p>You can find instructions on accessing the file in the previous section, where we cover how to limit WordPress revisions. Once you find the file, you\u2019ll need to edit the WP_POST_REVISIONS code to disable them entirely. This is the new line you\u2019ll use:<\/p>\n<pre class=\"wp-block-code\"><code>define( 'WP_POST_REVISIONS', false );<\/code><\/pre>\n<\/blockquote>\n<p>So adding a single line of code to a file allows this, despite his claim that WordPress is &#8220;architected and designed to never lose anything.&#8221;<\/p>\n<p>It goes on to link to a <a href=\"https:\/\/wordpress.org\/plugins\/disable-post-revision\/\" rel=\"nofollow\">plugin that is available in WordPress&#8217; own plugin directory<\/a> to do the same.<\/p>\n<p>Information on disabling revisions can also be found in WordPress&#8217; <a href=\"https:\/\/wordpress.org\/documentation\/article\/revisions\/\" rel=\"nofollow\">own documentation<\/a>.<\/p>\n<h2>News Feed<\/h2>\n<p>The second &#8220;hack&#8221; was described this way by him:<\/p>\n<blockquote><p>I won\u2019t bore you with the story of how WP Engine <a href=\"https:\/\/x.com\/photomatt\/status\/1838502185879167069\" rel=\"nofollow\">broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community<\/a> regarding their disabling and locking down a WordPress core feature in order to extract profit.<\/p><\/blockquote>\n<p>The story he didn&#8217;t want to bore people with is that he heard a rumor that a news feed was being removed by WP Engine:<\/p>\n<blockquote><p>Heard a rumor @wpengine is trying to remove the news feed from wp-admin dashboards so people don&#8217;t see my post about them, can anyone confirm or deny?<\/p><\/blockquote>\n<p>If you are confused about how that relates to what he claimed about WP Engine, you are not alone. What he said doesn&#8217;t make sense.<\/p>\n<p>What actually happened is that WP Engine stopped showing links to pages being used by Matt Mullenweg as part of his extortion campaign. This doesn&#8217;t break websites and is something that, again, WordPress allows.<\/p>\n<p>One way to do that is to use a WordPress plugin. That is available <a href=\"https:\/\/wordpress.org\/plugins\/disable-events-and-news-dashboard-widget\/\" rel=\"nofollow\">plugin that is available in WordPress&#8217; own plugin directory<\/a> and, if you pay for a higher tier of Matt Mullenweg&#8217;s competing hosting service to WP Engine, <a href=\"https:\/\/wordpress.com\/plugins\/disable-events-and-news-dashboard-widget\">available as well<\/a>. The plugin uses WordPress <a href=\"https:\/\/developer.wordpress.org\/plugins\/hooks\/\" rel=\"nofollow\">hooks<\/a>, which are there to do things just like this.<\/p>\n<h2>What You Can Do About This<\/h2>\n<p>The concern that a lot of people have about the whole situation is very real. Just the fact that the head of WordPress is making those unhinged claims about a &#8220;hack&#8221; that are easily checked to be false is alarming. This situation is likely to be headed to civil legal action and possibly criminal legal action, which won&#8217;t involve those using WordPress. But what can you do?<\/p>\n<p>In the short term, making sure that Matt Mullenweg&#8217;s misinformation about WP Engine is countered is important. We have no connection to WP Engine, but they are clearly a victim, <a href=\"https:\/\/www.pluginvulnerabilities.com\/2024\/05\/13\/numerous-security-providers-fail-to-catch-that-wp-engine-didnt-fix-vulnerability-in-100000-install-wordpress-plugin\/\">even if they have their own problems<\/a>.<\/p>\n<p>In the longer term, unless things change, you can consider moving away from solutions from Automattic and maybe even WordPress. We don&#8217;t like saying that, but what is happening is really bad.<\/p>\n<p>If you use WordPress and don&#8217;t use its the Gutenberg (block) editor, you can switch over to an existing fork of WordPress, <a href=\"https:\/\/www.classicpress.net\/\">ClassicPress<\/a>. Which has been available since 2019 and, unlike, WordPress <a href=\"https:\/\/www.classicpress.net\/governance\/\">has governance<\/a>. We can <a href=\"https:\/\/www.whitefirdesign.com\/wordpress-to-classicpress-migration.html\">help with that<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Right now the head of WordPress, Matt Mullenweg, is doing a lot of damage to everyone else that is involved in WordPress. The direct cause of this is that he is trying to extort a competitor of his for-profit company Automattic. One of his tactics that has been successful in tricking some people that are &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2024\/09\/27\/wp-engine-isnt-hacking-wordpress-it-is-using-functionality-that-wordpress-provides-as-intended\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WP Engine Isn\u2019t Hacking WordPress, It Is Using Functionality That WordPress Provides as Intended&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[289,288],"class_list":["post-5118","post","type-post","status-publish","format-standard","hentry","category-wordpress","tag-matt-mullenweg","tag-wp-engine"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=5118"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5118\/revisions"}],"predecessor-version":[{"id":5120,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5118\/revisions\/5120"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=5118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=5118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=5118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}