back to article WordPress forces user conf organizers to share social media credentials, arousing suspicions

Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks. The order to share creds came from an employee of Automattic, the compay whose CEO happens to be Matt Mullenweg, co-creator of WordPress, and …

  1. sarusa Silver badge
    Devil

    Yes, this is hardly a surprise

    > But Peterson told The Register she is aware of a "history of Automattic taking actions regarding organizers similar to this."

    Yes, they have been customer hating arseholes for decades. When you do business with certain companies like Broadcom, Oracle, Automattic, Facebook, Twitter, anything the Angry Toddler went near, etc. you have to go in holding your nose and knowing they're out to screw you. Then while you're holding your nose your WordPress installation gets hacked again. :p

    I do understand that you are upset that the devil you willingly got in bed with is now acting like a devil again and are speaking up about it because you hope it will change something, but no, Boris will repent and become an erudite, well educated scholar and gentleman before Automattic stop being thugs.

    On re-reading, I apologize that the tone is so harsh, but I've seen so many 'Oh no, we crawled into the Pit of Endless Venomous Snakes and there were snakes! And they were venomous! And endless! Nobody could have known! One star!' stories lately. If you're holding a WordPress event, you know what they're like.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yes, this is hardly a surprise

      My only slim hope is that all the complaining, combined with the level of scrutiny of the WPE case will help to force a change.

      In leadership, not in Matt himeself - he is who he is, he's never going to change (and so shouldn't be in the position he's in).

      But, the realist in me says nothing will change (apart from a few more people understanding why it's better to walk way from Wordpress)

    2. anothercynic Silver badge

      Re: Yes, this is hardly a surprise

      I'll just repeat what I said elsewhere (on a previous thread of Days of Our WordPress...):

      Automattic's CEO and by extension Automattic is really making a mess and turning people off with this behaviour. The more they spit their dummy out and the more they start banning this, that, and everything else that has a whiff of WP Engine about it, the more people will eventually look at it and go "not worth the aggro" and start looking for alternatives.

      They might've had a point originally, but going nuclear like a toddler does not endear them (or their cause) to anyone.

  2. abend0c4 Silver badge

    The Community Team...

    ... is it just me, or does that sound rather sinister? A group of people who use the same commercial services is not really a community - and certainly not in community with their suppliers - and believing (and being encouraged to believe) they are is part of the problem.

    i don't know exactly what stake the local organisers have in "their" conference, but presumably they could either just pull out or alternatively change the name and get their sponsorship elsewhere.

    1. Scotech

      Re: The Community Team...

      They can just call it the 'WordPress Users Sydney' conference, or something similar. Automattic can scream 'til they're blue in the face about their commercial rights to the trademark, but this would be a fairly clear-cut case of fair use, since there's no other way of referring to the primary subject-matter of the conference. So long as the name doesn't use the official 'WordCamp' brand, and so long as it doesn't use the WordPress logo or branding in any way that might imply it's directly affiliated with Automattic or the WordPress Foundation, it's fair game. Taking a stand is the only way Matt's going to be reined in here. Unfortunately I don't think most volunteer organisers would have the stomach for a fight like that, and I don't blame them.

      1. xyz123 Silver badge

        Re: The Community Team...

        Instead of WordPress Camp:

        WordPress Tent - UK

        WordPress Glamping - Australia

        WordPress Trailerpark - Alabama

        1. Bebu
          Coat

          Re: The Community Team...

          WordPress Trailerpark - Alabama

          The event held next to the Mullenweg campervan? :)

          All the the grace and poise of a trailerpark denizen evident in this spat.

        2. ForthIsNotDead
          Happy

          Re: The Community Team...

          Wordpress Trailerpark - I'm dying!!!!

  3. xyz123 Silver badge

    So basically to use wordpress I have to give this guy my logins and PASSWORDS.

    Probably also my mothers maiden name, the name of my first dog, DOB and place of birth too right?

    Also for "security" I have to change my address with my bank to his house?

    WTF is he on?

    1. Scotech

      This is a man who puts his blog on the homepage of the dashboard of his product (and gets pissy if anyone ever removes it) and who embedded his own name into the name of his company. He's been an egotistical narcissist all along, but usually he's confined that to relatively harmless spats. This time, I guess he's just off his meds or something?

    2. tfewster
      Facepalm

      "When posting from an official WordCamp account..."

      Not your personal ones

      1. John Brown (no body) Silver badge

        Even so, in most organisations and most social media accounts, the responsible ones anyway, you are instructed the NEVER share your credentials with anyone. At most, you may need to prove who you are to have your account unlocked or password reset and that's usualy done "blind" by the helldesk so only you get the reset code or whatever method they use. If my boss demanded by log-in creds, I'd be entirely within my rights to go above him for confirmation, or even to board level to request clarification on his demand. That's basic infosec these days.

      2. Anonymous Coward
        Anonymous Coward

        Won't be too long before it's a requirement for personal accounts too!

  4. xyz123 Silver badge

    Imagine you run social media for a large corporation.

    You have to give your social media login to this guy.

    he suddenly decides YOUR corporate social media account is going on a death-to-the-west, hate the N-words, Death to the gays crusade..............

    1. Roland6 Silver badge

      That’s why you use a privileged credential management system…

  5. DJV Silver badge

    The Shitshow Goes On!

    Time to buy shares in the popcorn industry...

  6. Guy de Loimbard Silver badge
    WTF?

    Maybe I didn't read it right

    But did they ask for your login details, or merely what your Social Media Handles are?

    Either way it's just weird and should alert all and sundry to the type of BS you're wading through.

    For the brief period of time I had or used Wordpress in any capacity, I had nothing but issues with scanning bots constantly trying to find vulnerabilities to exploit.

    Really not worth the hassle, for me at least.

    1. Roland6 Silver badge

      Re: Maybe I didn't read it right

      Agree it is weird as is ElReg saying “ So far, so sensible.” to something that clearly isn’t.

      1. bombastic bob Silver badge
        WTF?

        Re: Maybe I didn't read it right

        maybe it was snark... I momentarily paused when I read that, figured I missed some detail, and moved along. Perhaps I'll revisit that instead

    2. Roger Lipscombe

      Re: Maybe I didn't read it right

      I _think_ that Automattic wants the login credentials for the accounts associated with the _events_. That is: not the organizer's personal deets, just a way to recover control of the event pages if the organizer goes dark.

      The article could do a better job of explaining this, I think.

      Now, it's an entirely separate issue why an organizer might have recently decided to have nothing to do with WordPress events...

      1. TheMaskedMan Silver badge

        Re: Maybe I didn't read it right

        "just a way to recover control of the event pages if the organizer goes dark"

        Dark? Or off message? Even if it's innocent, and I bet it's not, this just looks like a way to prevent folks from saying nice things about the "enemy", and removing them if they do.

        This whole farce is getting more stupid - and more entertaining - by the week. If I still used wordpress I'd be looking for alternatives right now. As it is, I got fed up of having my sites hacked and abandoned it years ago. When I get around to launching new sites, they will not be on WordPress.

    3. Scotech

      Re: Maybe I didn't read it right

      One of the reasons I ditched it in the end. The amount of time I was having to dedicate to keeping it up to date and secured wasn't proportionate to the utility of it. The killer was when I realised I didn't need a back-end dashboard, server-side rendering, the ability to log in, edit online or any of the other stuff PHP is used for, thanks to the maturity of modern frameworks like Gatsby and Astro.

      Now I use front-end frameworks or fully hand-code my own sites, and it's way faster for me, as well as being only as hackable as my hosting provider. I'd hope they're way more on top of security than me, but it's hard to be sure with most providers - would be nice if providers were required to be more transparent around security, but I digress.

      The point is, for commercial or tech-savvy users, there's really no reason to still be using WordPress today, and I'd argue there's solutions out there that are just as good or better for novices too. The disadvantages of sticking with WordPress already outweighed the advantages in my book, and that was before all this drama.

      1. Pascal Monett Silver badge

        That's the whole point of WordPress

        It's for the vast majority of people who do not have the ability to code their own website.

        The click-and-drag components are easy to get a grip on, you don't need to learn everything to get a website up and running in an hour, and the people this is geared toward are the kind who don't want to waste an entire day on this.

        And then you have social media, which is largely sufficient for many, many people as well. I'm talking FaceBook, obviously, but YouTube channels, Instagram, even TikTok are places where people can express what they want to say without thinking about the technical side of things.

        But yes, if you want a website you control and isn't subject to vulnerabilities you never thought of including, then hand-coding is certainly the most powerful manner of getting there. You just have to be able to do that, and not everyone can.

        1. Brewster's Angle Grinder Silver badge

          Re: That's the whole point of WordPress

          "...you don't need to learn everything to get a website up and running in an hour..."

          And people wonder why websites get hacked...

          1. Glen 1

            Re: That's the whole point of WordPress

            I can't program operating systems, but I can install Linux in (well) under an hour. Should I not do that?

            I can't write a compiler, but I have GCC installed. Should I not do that?

            I can't implement my own python interpreter, but have python installed. Should I not do that?

            I can't implement my own encryption, but use SSH. Should I not do that?

            Facetious, I'll admit - but even with the most control-freak interpretation of open source, there comes a point where you are trusting someone else's code.

        2. LVPC

          Re: That's the whole point of WordPress

          Maybe people who can't be arsed to learn how to code their own websites shouldn't be making websites?

          1. doublelayer Silver badge

            Re: That's the whole point of WordPress

            If you haven't built your own mail client and then used only that, you shouldn't be sending email. Does that make any sense? The logic works just as well for websites.

            Not to mention that the worst monstrosities of web insecurity and unmaintainability I've had the misfortune to witness haven't come from the truly clueless. Don't get me wrong, they can make some pretty awful stuff if they put their mind to it, but most of the time, they wind up with something formulaic sticking with defaults which are not great. To do very badly, I recommend a "professional" web designer who has their ideas about what is important, which mostly boils down to whatever they got familiar with in 2007 with updates disabled so it still looks the same way. With the general user, applying security updates generally works. You have to do it because they didn't bother, but you rarely need the backups you make. With the latter, things start to crack at the edges when you make small changes and fall apart for larger ones.

            The history of computing has involved making things more user friendly, because if you don't, someone else will and they may not do as good a job. Websites are not so complex that they need to be reserved to hand-coded HTML. In many cases, it's because hand-coded HTML is not going to let you build the kind of site you want quickly or accurately enough anyway. Yes, it works great for your site and many of the ones I've built, but my sites are so small that only I ever need to touch their code and used by few enough people that, if the bus ever comes for me, it will continue to work until a replacement for me is found. A lot of sites have neither attribute and may need something more than that.

          2. sabroni Silver badge
            FAIL

            Re: Maybe people who can't be arsed to learn how to code their own websites

            Maybe people who can't be arsed to learn how cars work shouldn't be driving.

            Maybe people who can't be arsed to learn how an oven works shouldn't be baking.

            Maybe people who can't be arsed to think it through for a second before hitting submit shouldn't be posting?

  7. sabroni Silver badge
    WTF?

    WP Engine contends that it does plenty for the community.

    Why? It doesn't have to do anything for the "community".

    It should have replied with "Which part of Open Source don't you understand?"

    1. Jason Bloomberg Silver badge

      Re: WP Engine contends that it does plenty for the community.

      And they should have told him to go fuck himself with respect to "Mullenweg argues that private-equity-controlled WP Engine is not acting the in spirit of open source by profiting from WordPress" [sic].

      Whether acting in the "spirit of open source" or not is irrelevant so long as they are complying with the requirements of licensing.

      Sure, I've been there, have often thought "I wish those profiting from the work I do for free would throw me a share of those profits" but I knew the path I was walking down and the likely consequences of doing that.

      This is merely childish "not fair!" and "private-equity-controlled" seems to be mostly demonisation, intended to tug on the heart-strings, intended to suggest he's being hard done by when I don't see that he is.

      Grow up.

  8. Anonymous Coward
    Anonymous Coward

    Login creds for social networks?

    That's easy. None.

    I simply don't do Farcebook etc.

    Once upon a time, I did have a LinkedIn account but I deleted that the day Ms took them over.

    1. Anonymous Coward
      Anonymous Coward

      Re: I simply don't do Farcebook etc.

      You

      Are

      Sooooooooooooooooo Cool!!!!!!!!

  9. Doctor Syntax Silver badge

    In a hole, digging like mad.

  10. Anonymous Coward
    Anonymous Coward

    I doubt that's legal

  11. Blackjack Silver badge

    [share their login credentials for social networks.]

    Fck No.

    I would just walk away.

  12. This post has been deleted by its author

  13. CowHorseFrog Silver badge

    Every day we see more examples of the similarities between Russia and America.

    Social media surveillance would make the KGB of the USSR proud, behaviours as those mentioned in the article again sound a lot like how it is in a dictatorship.

    In the end america is ruled by dictators who infringe on the most basic of human rights just like USSR, with pointless stupid surveillancem that achieves nothing.

    1. Ace2 Silver badge

      This is just… stupid. Automattic, while dumb, is not a part of the US government.

      1. CowHorseFrog Silver badge

        Ace2:

        This is just… stupid. Automattic, while dumb, is not a part of the US government.

        Cow:

        Thats the genius of it, fuckwits like you actually think the media and big tech are independent.

        The American media be it the news or movies, or sports always supports the government. Take a look at the media and the us military brainwashing operation. Funny how americans are supposed to die for their country, but their country says its wrong to give something back to the citizens like actual human rights that the rest o fthe western world has given their citizens.

        Next your going to tell me that religion exists around thew orld because its the "right" thing not because its a brainwashing operation for the rulers.

  14. rndSheeple

    ICredibility was lost

    at the "give us your credentials" be it "for the children" or anything else. Literally a dealbreaker.

  15. Zippy´s Sausage Factory

    Sharing credentials is the sort of thing that can get you banned on X. Plus don't Automattic have a legal hold on things due to ongoing litigation? I'm sure neiother X nor the judges will look upon this cation very favourably.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like