If you want to take a favorable view of the head of WordPress Matt Mullenweg’s criticism of WP engine, he was concerned about how much they are giving back to WordPress (the way WP Engine’s lawyer portrays it; it sounds like extortion). To do that, he was citing the disparity between their pledged time for WordPress through the Five for the Future program and his company’s. As we noted yesterday, that company, Automattic, claimed to pledging time to a team that appears to have last been active over two years ago. They were not alone, as there were 331 pledges for that team. Many of them didn’t look legitimate. That turns out to be a wider issue.

The Plugin Review Team, which is supposed to handling the security of the WordPress Plugin Directory, among other tasks, currently has 14 listed members:

There is unexplained posting on the team’s blog by non-team members who all work for Automattic, so there may be several additional off the books members.

In spite of that small team size, somehow there are currently 338 people that are pledging time to the team:

The team doesn’t have projects that others could be participating in that could possibly explain that.

Like the Tide team, a lot of these don’t seem real. Here, for example, is someone pledging one hour a week across 21 teams:

That works out to under 12 minutes per team every four weeks. How could someone do something meaningful in that timeframe?

Notably, they only have one piece of activity on their account despite being over a year old.

We found three accounts (1, 2, 3) that are claiming to volunteer 40 hours a week to only this team, where the people are not listed as members of the team.

Getting back to Automattic for a moment, one of their employees is sponsored for 40 hours a week for three teams, including the Plugin Review Team, despite not being listed as a member of the team:

At 40 hours, it would suggest Automattic has them working on WordPress full time, but there isn’t much in their recorded activity to match with that. Another Automattic employee also sponsored for 40 hours a week, when questioned about what they were doing for all that time, stated, “these pledges aren’t hard and fast accountings of time spent by anyone, at Automattic or elsewhere.” If someone’s full-time job is working on WordPress, then the accounting should be easy.

Lack of Vetting

Based on what we are finding, it appears that there isn’t vetting of these pledges. That makes it rather problematic to make assessments, as Matt Mullenweg wants to do, based on that. Considering the extent that WordPress operates as an arm of Automattic, it would be best if a group of people independent from that company would be brought together to provide vetting of that before it was used as he has already been doing.