One of the unfortunate realities of the current situation with WordPress is that the problems surfaced are hardly limited to Matt Mullenweg. Long ago, the people controlling areas of WordPress that we had the most interaction were often people that were similar to Matt Mullenweg in many ways. The security issues with WordPress plugins today largely exist because of the people who have run the plugin directory, the WordPress Plugin Review Team. They have long been actively hostile to working with other to address problems, when not actually creating the problems. Like Matt Mullenweg, members of the team have portrayed themselves as victims in situations where they were definitely not victims. That made a recent set of events unsurprising to us.

A week ago, the Repository allowed a member of the team to anonymously complain about the forking of the Advanced Custom Fields (ACF) Pro plugin and claim that their team had no responsibility for it:

A member of the WordPress Plugin Review Team, speaking on the condition of anonymity, confirmed that after Kraft submitted the ACF Pro fork it was approved by another Automattic employee, bypassing the Plugin Review Team’s usual processes and checks.

“Many things inside of the ACF Pro fork would not pass the plugin review process, and as far as I can see, no one on the Plugin Review Team was aware of or reviewed any of the code, because if we did we would have rejected it for violating many of the guidelines,” the reviewer said.

“It pisses me off that internal people at Automattic can go over our heads to approve anything they want. It minimizes our time and contributions as volunteers.

“At this point, why not have internal people at Automattic maintain the plugin repo since they neglect the Plugin Review Team altogether on many of their actions? What’s the point of having an unbiased review team, if one company ultimately has complete control over it all?”

Why grant someone anonymity like that? If they are truly a volunteer and things are being done inappropriately, they can simply leave. They haven’t left. The team’s page listing the members of the team shows no members having left the team. In fact, since the extortion campaign against WP Engine went public, the team has only added members.

The Repository’s coverage of this situation also failed to mention that the rules of the plugin directory were changed in October to allow forking premium WordPress plugins. So the team’s members had reason to believe that something like happened would happen well in advance, but they continued to be on the team.

We should also note that among the many issues with the team’s members, they have long made a big deal about being volunteers even when all the members of the team were being paid for their involvement. So it shouldn’t be assumed they are truly a volunteer.

That person is not the first that the Repository allowed to anonymously complain while continuing to be involved. That works well for Matt Mullenweg, as he needs people to help him to keep things running to keep control of WordPress. Anonymous criticism doesn’t have much impact on that.