The Hidden Risks of Relying on WordPress: What Every Business Should Know

October 23, 2024

6 min

You might have heard about the recent drama in the WordPress community. While we won’t get too deep into the specifics, it highlights a key issue: relying on open-source tools comes with risks that businesses can’t afford to ignore. These risks can affect the stability of your platform and, ultimately, your bottom line.

Before we break down the legal, technical, and business side of things, let’s quickly recap what happened. If you're already familiar with the story, feel free to skip ahead.

What Happened in the WordPress Drama?

Recently, a major clash rocked the WordPress community. It all started when WordPress founder Matt Mullenweg publicly criticized WP Engine, a popular hosting service, for disabling key features like revision tracking to save costs. He went as far as calling them a "cancer to WordPress," which sparked legal threats from both sides.

At the core of this conflict are trademark disputes and control over how WordPress is managed. Mullenweg went on to block WP Engine from accessing WordPress.org resources, which cut sites hosted there off from the plugin and theme updates that are normally fetched from WordPress.org. That alarmed WP Engine customers, because those updates are how security fixes reach a site: attackers routinely scan for plugins at known-vulnerable versions, so every day a site sits behind on patches is a day it is exposed to exploits that are already public.

To add fuel to the fire, Mullenweg announced a fork of the popular Advanced Custom Fields (ACF) plugin, rebranding it as "Secure Custom Fields" without the consent of WP Engine, which owns ACF. This sparked backlash and raised concerns about the level of control one person holds over such a widely used platform.

John O'Nolan, founder of the open-source CMS Ghost, also chimed in, criticizing the centralization of power in WordPress. He noted that “40% of the web and 80% of the CMS market shouldn’t be controlled by one person.”

Read the full tweet here.

This isn’t the first time an open-source maintainer has caused a stir, but considering WordPress powers almost 40% of the web, it’s a wake-up call. It leaves us wondering just how safe businesses are when they rely on open-source tools. Before we dive deeper, let’s quickly look at other open-source dramas that have made headlines in recent years.

Other Open Source Dramas

NPM Left-Pad Incident

Back in 2016, the left-pad incident shook the developer world when a frustrated maintainer unpublished the package from npm after npm reassigned the name of another of his packages to a company that claimed a trademark on it. Left-pad, a tiny utility that padded strings, was a transitive dependency of thousands of projects, including major frameworks like Babel and React. Its sudden removal broke builds across the ecosystem, even at companies like Meta, PayPal, Netflix, and Spotify. The incident exposed how fragile a dependency tree can be when a single unpinned package can vanish, and it sparked conversations about better ways to manage critical libraries (npm later changed its policy so that widely used packages can no longer be unpublished at will).

Redis Licensing Change

Another big disruption came in 2024 when Redis, a popular key-value database, switched from the permissive BSD license to a dual license (RSALv2 and SSPLv1) that restricts offering Redis as a managed service. This change hit cloud providers like Amazon Web Services (AWS), which sell Redis-based services; AWS and others responded by backing Valkey, a fork of the last BSD-licensed release. Businesses that redistribute or host Redis for others now have to either negotiate licensing terms with Redis Inc. or move to an alternative. The move also raised questions about how much control project owners should have over code the community helped build, and whether it sets a precedent for more projects to follow.

These examples show that open-source projects, while valuable, can come with risks that businesses need to be aware of. Now, let’s break down the legal side of things and look at how licensing, trademarks, and control play into these challenges.

Legal Perspective: Can Open-Source Tools Change Their License?

Navigating the legal side of open-source projects is trickier than it looks. These projects often involve many contributors, various licenses, and even confidential agreements, so it's rarely a simple yes-or-no situation.

Take the recent WordPress vs. WP Engine battle as an example. WordPress, the software, is open-source under the GPL, but the WordPress name and logo are trademarks owned by the WordPress Foundation, which has granted Automattic an exclusive commercial license to them. So while the code is free, using the WordPress name commercially can still lead to legal issues. That's why Automattic was able to send a cease-and-desist letter to WP Engine over trademark infringement. This shows that even in the open-source world, trademarks add another layer of complexity. The code may be free, but the name? Not so much.

Now, the big question:

Can an open-source tool change its license overnight?

This can turn into a business nightmare quickly. Imagine building your entire platform on an open-source tool you trust, only to have the maintainers change the license out of the blue. Could that really happen?

The short answer is: Yes, but with some caveats.

An open-source project can change its license, but the change only applies to versions released after the change. Releases already published under the original open-source license stay under it, so you can keep using, patching, and even forking those versions on the old terms (that is exactly how the Valkey fork of Redis came about). Any new releases, including security fixes, can fall under a completely different set of rules.

Now, here's the tricky part: the right to relicense depends on who owns the copyright in the code. In a project with many contributors and no contributor license agreement (CLA), every contributor still owns their own contributions, so relicensing the whole codebase requires their agreement or a rewrite of their code. Projects that require a CLA or copyright assignment, or that are owned by a single company, can relicense far more easily. So it's not as simple as one person flipping a switch in a community project, but a single steward with the right paperwork in place can do it.

This content reflects subjective opinions and is not intended as legal advice.

Our lawyer made me add that line. Gotta love those legal disclaimers!

Technical Perspective: How Feasible is it to Migrate Away from WordPress?

Some might think, "No big deal if WordPress.org stops serving the ACF plugin, we'll just update it manually." And yes, for some users, downloading a plugin or theme and uploading it by hand is easy enough.

But here's the bigger problem: automatic updates are how most WordPress sites receive security patches for core and for the plugins they depend on. If those updates stop flowing because of a dispute like the one between WP Engine and WordPress, you need your own way of knowing which components are behind and of getting patched versions onto the site. That's not something any business can afford to leave to chance.
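One way to keep that visibility when you can no longer trust the update endpoint, as an added example that is not from the article: compare what is installed against a version list your team pins and mirrors out-of-band. The input is the JSON shape that the real WP-CLI command `wp plugin list --format=json` prints; the plugin names, versions and the pinned list below are constructed for the example.

```python
"""Flag installed WordPress plugins that lag behind a pinned, known-good version list.

Added example (not from the article). Input is the JSON shape produced by
`wp plugin list --format=json`; the plugin names and versions below are constructed.
"""
import json

# Constructed sample of `wp plugin list --format=json` output.
INSTALLED_JSON = """[
  {"name": "advanced-custom-fields", "status": "active",   "update": "none",      "version": "6.3.4"},
  {"name": "contact-form-7",         "status": "active",   "update": "available", "version": "5.9.1"},
  {"name": "hello",                  "status": "inactive", "update": "none",      "version": "1.7.2"}
]"""

# Constructed: the latest versions your team has vetted and mirrored out-of-band,
# so the check does not depend on WordPress.org being reachable.
PINNED_LATEST = {
    "advanced-custom-fields": "6.3.10",
    "contact-form-7": "5.9.8",
    "hello": "1.7.2",
}


def parse_version(version):
    """Turn '6.3.10' or '1.2-beta' into a tuple of ints; non-numeric tails are dropped."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 like a classic comparator; '1.10' > '1.9' and '6.3' == '6.3.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def outdated_plugins(installed_json, pinned):
    """List plugins older than the pinned version, or missing from the pinned list.

    Active plugins are listed first: an inactive plugin's code is still on disk,
    but the active ones are the reachable attack surface.
    """
    findings = []
    for plugin in json.loads(installed_json):
        name, installed = plugin["name"], plugin["version"]
        latest = pinned.get(name)
        if latest is None:
            findings.append({"name": name, "installed": installed, "latest": None,
                             "active": plugin["status"] == "active",
                             "reason": "not in pinned inventory"})
        elif compare_versions(installed, latest) < 0:
            findings.append({"name": name, "installed": installed, "latest": latest,
                             "active": plugin["status"] == "active",
                             "reason": "behind pinned version"})
    findings.sort(key=lambda f: (not f["active"], f["name"]))
    return findings


if __name__ == "__main__":
    for finding in outdated_plugins(INSTALLED_JSON, PINNED_LATEST):
        state = "ACTIVE" if finding["active"] else "inactive"
        print(f"{state:8} {finding['name']}: {finding['installed']} -> "
              f"{finding['latest']} ({finding['reason']})")
```

Note that the `update` column in the sample is deliberately ignored: WP-CLI fills it from the update check WordPress performs against WordPress.org, so on a site that has been cut off from those servers it reads "none" even for a badly outdated plugin. That is why the comparison is made against your own pinned list instead.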

So, if you're already deep in the WordPress ecosystem and looking to move away, here are a few things to keep in mind:

  • Themes and Plugins: If your site relies heavily on WordPress-specific themes or plugins, you'll likely need custom replacements or alternative libraries. This can be time-consuming and tricky, depending on how deeply those features are integrated into your content and templates.
  • Media Migration: WordPress stores uploads under wp-content/uploads, usually in year/month folders, and generates several resized copies of each image for responsive srcset attributes. When migrating to another CMS, developers need to copy those files to the new storage and rewrite every reference to them in the content, or images silently break.
  • URL Structures and SEO: A smooth migration requires either keeping your URL structures or implementing 301 redirects from every old URL to its replacement, so inbound links keep working and you don't lose traffic or tank your search rankings.
  • Data Export: On the bright side, WordPress makes data export relatively painless, thanks to its built-in export tool (Tools > Export, which produces a WXR XML file) and the REST API (/wp-json/wp/v2/). One caveat: the unauthenticated REST API only returns published content, so drafts, private posts, and anything behind a password need an authenticated export (for example with an application password) or the WXR file.
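The media rewrite and redirect steps above, carried through on REST API post data, as an added example that is not from the article. The hostnames, the new path scheme (/blog/slug/) and the sample posts are constructed; the post objects mimic the fields that /wp-json/wp/v2/posts really returns (id, slug, status, link, content.rendered), and the draft post shows the edge case that an unauthenticated export would have skipped.

```python
"""Rewrite WordPress media URLs and build a redirect map from REST API post data.

Added example (not from the article). Hostnames, the new path scheme and the
sample posts are constructed; the post objects mimic the fields that
/wp-json/wp/v2/posts returns (id, slug, status, link, content.rendered).
"""
import re
from urllib.parse import urlparse

OLD_SITE = "https://example.com"                 # assumed: the WordPress site being left
OLD_UPLOADS = OLD_SITE + "/wp-content/uploads/"  # WordPress's default media location
NEW_MEDIA = "https://media.example.net/"         # assumed: new object-storage / CDN origin
NEW_POST_BASE = "/blog/"                         # assumed: the new CMS drops the /YYYY/MM/ prefix

# Constructed sample posts. The first carries an image plus the resized variant
# WordPress generates for srcset; the third is a draft, which an unauthenticated
# REST export would never include.
SAMPLE_POSTS = [
    {"id": 12, "slug": "launch-notes", "status": "publish",
     "link": "https://example.com/2024/10/launch-notes/",
     "content": {"rendered": (
         '<p>Diagram:</p><img src="https://example.com/wp-content/uploads/2024/10/diagram.png" '
         'srcset="https://example.com/wp-content/uploads/2024/10/diagram-300x200.png 300w">')}},
    {"id": 15, "slug": "pricing", "status": "publish",
     "link": "https://example.com/pricing/",
     "content": {"rendered": "<p>No media here.</p>"}},
    {"id": 20, "slug": "unfinished", "status": "draft",
     "link": "https://example.com/?p=20",
     "content": {"rendered": "<p>Draft.</p>"}},
]

# Matches an uploads URL and captures the path relative to the uploads root;
# stops at whitespace and quote/bracket characters so srcset entries split cleanly.
UPLOAD_RE = re.compile(re.escape(OLD_UPLOADS) + r"""([^\s"'<>()]+)""")


def rewrite_media(html):
    """Point every uploads URL at NEW_MEDIA; return (new_html, sorted relative paths to copy)."""
    moved = set()

    def repl(match):
        moved.add(match.group(1))
        return NEW_MEDIA + match.group(1)

    return UPLOAD_RE.sub(repl, html), sorted(moved)


def old_path(post):
    return urlparse(post["link"]).path


def new_path(post):
    return NEW_POST_BASE + post["slug"] + "/"


def migrate(posts):
    """Produce rewritten pages, an old->new redirect map and the media files to copy."""
    pages, redirects, files = [], {}, set()
    for post in posts:
        if post.get("status") != "publish":
            continue  # drafts/private posts need an authenticated export, handled separately
        html, moved = rewrite_media(post["content"]["rendered"])
        files.update(moved)
        src, dst = old_path(post), new_path(post)
        if src != dst:
            redirects[src] = dst  # keep inbound links and search rankings alive
        pages.append({"id": post["id"], "path": dst, "html": html})
    return {"pages": pages, "redirects": redirects, "files": sorted(files)}


def nginx_redirects(redirects):
    """Render the map as exact-match nginx 301 rules."""
    return "\n".join(f"location = {src} {{ return 301 {dst}; }}"
                     for src, dst in sorted(redirects.items()))


if __name__ == "__main__":
    result = migrate(SAMPLE_POSTS)
    print(nginx_redirects(result["redirects"]))
    print("files to copy:", result["files"])
```

The file list is what you hand to your copy job, and the redirect map is what goes into the new front end or edge config before DNS is switched. Checking that every old URL in your analytics or sitemap appears as a key in that map is the cheapest way to catch pages the migration forgot.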

In short, moving away from WordPress is doable, but it comes with its own set of challenges—especially for businesses that have heavily customized their WordPress setup.

Business Perspective: What’s the Real Cost of Staying with WordPress?

When a platform as widely used as WordPress shows signs of instability—whether through disputes like the WP Engine drama or unpredictable shifts in its ecosystem—it’s time to ask: What’s the real cost of sticking around?

  • Security Risks = Potential Losses: Downtime from WordPress security breaches or plugin vulnerabilities isn’t just an inconvenience—it can be a financial disaster. If core updates or crucial security patches are delayed or blocked, your website is left exposed. Data breaches, loss of customer trust, and even legal liabilities could follow, adding up to costs no business can afford.
  • Maintenance Overload: Using an open-source platform like WordPress comes with ongoing maintenance. As disputes within the WordPress ecosystem continue to affect key plugins, you’ll face the constant need to patch, update, or even rebuild parts of your website. The time, resources, and costs associated with this add up quickly—especially for businesses without a dedicated tech team.
  • Lost Revenue from Downtime: If your site goes down because of a WordPress issue—be it due to outdated plugins, theme compatibility, or even being cut off from essential WordPress resources—every minute of downtime is lost revenue. For businesses that rely on e-commerce, this can be particularly damaging.
  • The Cost of Migrating Away: On the other hand, migrating away from WordPress can be a significant upfront investment. You'll need to consider development costs, content and media migration, redirects, and retraining your team on a new platform. Weighed against years of patch churn and the exposure that comes with every missed update, though, a platform that is more stable, easier to patch, and built to scale can more than pay back that short-term cost and leave your business better placed for growth.

Conclusion

If you’re considering WordPress to launch your business online, we encourage you to think twice. The recent drama shows that relying on any single platform—especially one controlled by a few key players—comes with serious risks. And if you’re already using WordPress, it might be time to explore safer, more flexible alternatives.

We’re here to help you navigate that process, minimize your risks, and future-proof your website. Whether you need a full migration or just want to weigh your options, reach out to us and book a free consultation.

Authors

Mojtaba Seyedi
