WordPress forces user conf organizers to share social media credentials, arousing suspicions Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks. The order to share creds came from an employee of Automattic, the compay whose CEO happens to be Matt Mullenweg, co-creator of WordPress, and …
> But Peterson told The Register she is aware of a "history of Automattic taking actions regarding organizers similar to this."
Yes, they have been customer hating arseholes for decades. When you do business with certain companies like Broadcom, Oracle, Automattic, Facebook, Twitter, anything the Angry Toddler went near, etc. you have to go in holding your nose and knowing they're out to screw you. Then while you're holding your nose your WordPress installation gets hacked again. :p
I do understand that you are upset that the devil you willingly got in bed with is now acting like a devil again and are speaking up about it because you hope it will change something, but no, Boris will repent and become an erudite, well educated scholar and gentleman before Automattic stop being thugs.
On re-reading, I apologize that the tone is so harsh, but I've seen so many 'Oh no, we crawled into the Pit of Endless Venomous Snakes and there were snakes! And they were venomous! And endless! Nobody could have known! One star!' stories lately. If you're holding a WordPress event, you know what they're like.
My only slim hope is that all the complaining, combined with the level of scrutiny of the WPE case will help to force a change.
In leadership, not in Matt himeself - he is who he is, he's never going to change (and so shouldn't be in the position he's in).
But, the realist in me says nothing will change (apart from a few more people understanding why it's better to walk way from Wordpress)
I'll just repeat what I said elsewhere (on a previous thread of Days of Our WordPress...):
Automattic's CEO and by extension Automattic is really making a mess and turning people off with this behaviour. The more they spit their dummy out and the more they start banning this, that, and everything else that has a whiff of WP Engine about it, the more people will eventually look at it and go "not worth the aggro" and start looking for alternatives.
They might've had a point originally, but going nuclear like a toddler does not endear them (or their cause) to anyone.
... is it just me, or does that sound rather sinister? A group of people who use the same commercial services is not really a community - and certainly not in community with their suppliers - and believing (and being encouraged to believe) they are is part of the problem.
i don't know exactly what stake the local organisers have in "their" conference, but presumably they could either just pull out or alternatively change the name and get their sponsorship elsewhere.
They can just call it the 'WordPress Users Sydney' conference, or something similar. Automattic can scream 'til they're blue in the face about their commercial rights to the trademark, but this would be a fairly clear-cut case of fair use, since there's no other way of referring to the primary subject-matter of the conference. So long as the name doesn't use the official 'WordCamp' brand, and so long as it doesn't use the WordPress logo or branding in any way that might imply it's directly affiliated with Automattic or the WordPress Foundation, it's fair game. Taking a stand is the only way Matt's going to be reined in here. Unfortunately I don't think most volunteer organisers would have the stomach for a fight like that, and I don't blame them.
This is a man who puts his blog on the homepage of the dashboard of his product (and gets pissy if anyone ever removes it) and who embedded his own name into the name of his company. He's been an egotistical narcissist all along, but usually he's confined that to relatively harmless spats. This time, I guess he's just off his meds or something?
Even so, in most organisations and most social media accounts, the responsible ones anyway, you are instructed the NEVER share your credentials with anyone. At most, you may need to prove who you are to have your account unlocked or password reset and that's usualy done "blind" by the helldesk so only you get the reset code or whatever method they use. If my boss demanded by log-in creds, I'd be entirely within my rights to go above him for confirmation, or even to board level to request clarification on his demand. That's basic infosec these days.
But did they ask for your login details, or merely what your Social Media Handles are?
Either way it's just weird and should alert all and sundry to the type of BS you're wading through.
For the brief period of time I had or used Wordpress in any capacity, I had nothing but issues with scanning bots constantly trying to find vulnerabilities to exploit.
Really not worth the hassle, for me at least.
I _think_ that Automattic wants the login credentials for the accounts associated with the _events_. That is: not the organizer's personal deets, just a way to recover control of the event pages if the organizer goes dark.
The article could do a better job of explaining this, I think.
Now, it's an entirely separate issue why an organizer might have recently decided to have nothing to do with WordPress events...
"just a way to recover control of the event pages if the organizer goes dark"
Dark? Or off message? Even if it's innocent, and I bet it's not, this just looks like a way to prevent folks from saying nice things about the "enemy", and removing them if they do.
This whole farce is getting more stupid - and more entertaining - by the week. If I still used wordpress I'd be looking for alternatives right now. As it is, I got fed up of having my sites hacked and abandoned it years ago. When I get around to launching new sites, they will not be on WordPress.
One of the reasons I ditched it in the end. The amount of time I was having to dedicate to keeping it up to date and secured wasn't proportionate to the utility of it. The killer was when I realised I didn't need a back-end dashboard, server-side rendering, the ability to log in, edit online or any of the other stuff PHP is used for, thanks to the maturity of modern frameworks like Gatsby and Astro.
Now I use front-end frameworks or fully hand-code my own sites, and it's way faster for me, as well as being only as hackable as my hosting provider. I'd hope they're way more on top of security than me, but it's hard to be sure with most providers - would be nice if providers were required to be more transparent around security, but I digress.
The point is, for commercial or tech-savvy users, there's really no reason to still be using WordPress today, and I'd argue there's solutions out there that are just as good or better for novices too. The disadvantages of sticking with WordPress already outweighed the advantages in my book, and that was before all this drama.
It's for the vast majority of people who do not have the ability to code their own website.
The click-and-drag components are easy to get a grip on, you don't need to learn everything to get a website up and running in an hour, and the people this is geared toward are the kind who don't want to waste an entire day on this.
And then you have social media, which is largely sufficient for many, many people as well. I'm talking FaceBook, obviously, but YouTube channels, Instagram, even TikTok are places where people can express what they want to say without thinking about the technical side of things.
But yes, if you want a website you control and isn't subject to vulnerabilities you never thought of including, then hand-coding is certainly the most powerful manner of getting there. You just have to be able to do that, and not everyone can.
I can't program operating systems, but I can install Linux in (well) under an hour. Should I not do that?
I can't write a compiler, but I have GCC installed. Should I not do that?
I can't implement my own python interpreter, but have python installed. Should I not do that?
I can't implement my own encryption, but use SSH. Should I not do that?
Facetious, I'll admit - but even with the most control-freak interpretation of open source, there comes a point where you are trusting someone else's code.
If you haven't built your own mail client and then used only that, you shouldn't be sending email. Does that make any sense? The logic works just as well for websites.
Not to mention that the worst monstrosities of web insecurity and unmaintainability I've had the misfortune to witness haven't come from the truly clueless. Don't get me wrong, they can make some pretty awful stuff if they put their mind to it, but most of the time, they wind up with something formulaic sticking with defaults which are not great. To do very badly, I recommend a "professional" web designer who has their ideas about what is important, which mostly boils down to whatever they got familiar with in 2007 with updates disabled so it still looks the same way. With the general user, applying security updates generally works. You have to do it because they didn't bother, but you rarely need the backups you make. With the latter, things start to crack at the edges when you make small changes and fall apart for larger ones.
The history of computing has involved making things more user friendly, because if you don't, someone else will and they may not do as good a job. Websites are not so complex that they need to be reserved to hand-coded HTML. In many cases, it's because hand-coded HTML is not going to let you build the kind of site you want quickly or accurately enough anyway. Yes, it works great for your site and many of the ones I've built, but my sites are so small that only I ever need to touch their code and used by few enough people that, if the bus ever comes for me, it will continue to work until a replacement for me is found. A lot of sites have neither attribute and may need something more than that.
Maybe people who can't be arsed to learn how cars work shouldn't be driving.
Maybe people who can't be arsed to learn how an oven works shouldn't be baking.
Maybe people who can't be arsed to think it through for a second before hitting submit shouldn't be posting?
And they should have told him to go fuck himself with respect to "Mullenweg argues that private-equity-controlled WP Engine is not acting the in spirit of open source by profiting from WordPress" [sic].
Whether acting in the "spirit of open source" or not is irrelevant so long as they are complying with the requirements of licensing.
Sure, I've been there, have often thought "I wish those profiting from the work I do for free would throw me a share of those profits" but I knew the path I was walking down and the likely consequences of doing that.
This is merely childish "not fair!" and "private-equity-controlled" seems to be mostly demonisation, intended to tug on the heart-strings, intended to suggest he's being hard done by when I don't see that he is.
Grow up.
This post has been deleted by its author
Every day we see more examples of the similarities between Russia and America.
Social media surveillance would make the KGB of the USSR proud, behaviours as those mentioned in the article again sound a lot like how it is in a dictatorship.
In the end america is ruled by dictators who infringe on the most basic of human rights just like USSR, with pointless stupid surveillancem that achieves nothing.
Ace2:
This is just… stupid. Automattic, while dumb, is not a part of the US government.
Cow:
Thats the genius of it, fuckwits like you actually think the media and big tech are independent.
The American media be it the news or movies, or sports always supports the government. Take a look at the media and the us military brainwashing operation. Funny how americans are supposed to die for their country, but their country says its wrong to give something back to the citizens like actual human rights that the rest o fthe western world has given their citizens.
Next your going to tell me that religion exists around thew orld because its the "right" thing not because its a brainwashing operation for the rulers.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
