Hi,
We are reaching out promptly and directly to inform you of Matt Mullenweg’s (CEO of Automattic and owner of WordPress.org) unprecedented and appalling actions on Oct 12th to forcibly appropriate the Advanced Custom Fields (ACF) plugin and .org listing. The potential impact of Mr. Mullenweg’s improper action is that millions of existing installations of ACF will be updated with code that is unapproved and untrusted by the experts on the ACF team at WP Engine. We want to highlight how you can immediately reduce your exposure and risk now, and ensure you are using the genuine ACF. If your website is hosted on WP Engine or Flywheel or you are an ACF PRO customer – you are not impacted and do not need to take any action. You will continue to get the latest updates, securely from the experts on the ACF team.
If you have a website that is NOT managed on WP Engine or Flywheel AND are using the free version of ACF you must perform a one-time download of the 6.3.8 version via advancedcustomfields.com in order to get genuine ACF updates and remain safe in the future. After this one-time download you will be able to safely update as usual via the WP Admin panel.
If your site has already updated to the modified “Secure Custom Fields” plugin, you can also follow the process above to get back to a genuine version of ACF, and should not experience any loss of configuration or data doing so before there is further change to the ACF code.
The WordPress community has trusted ACF for over a decade and the expert stewards of ACF will continue to support and enhance the capabilities that our users love and trust. If you have any questions our technical support team is standing by to support you. On behalf of our entire team, we are grateful for the continued opportunity to serve your customers, your business and team.
For a more in-depth overview of what has happened with the free ACF plugin and WordPress.org, you can read this post here.
The WP Engine Security team
Corpo War.
