You may or may not be aware of the situation unfolding with Automattic and their CEO Matt Mullenweg against WP Engine. I recommend reading the following to get up to speed.
We’re not in the business of adding opinion to that, but I feel the need to write this because Piccalilli has such a vast reach and I’m genuinely concerned about the security of WordPress-powered websites.
As part of Matt’s increasing irresponsible and irrational behaviour, WordPress took over the extremely popular plugin, Advanced Custom Fields (ACF), renaming it “Secure Custom Fields” (SCF). With it, they stole years of reputation, good reviews and most importantly, trust from ACF.
If you update ACF via your wp-admin dashboard, it will be replaced with SCF. SCF does not have the ACF team behind it, so updating to SDF will potentially put your website at risk. It’s also important to note that this affects users of the free ACF plugin, not paid users who already get updates direct from ACF.
Thankfully, ACF are on top of this and have published an article explaining what you need to do if you are affected by these events. If you have already updated to SCF, you can reverse that with ACF’s published advice too.
I’ve long been a fan of WordPress and probably will continue to be. I want this situation resolved, but I fear we are beyond that being possible unless there are huge changes at the most senior level of WordPress — especially the open source project. My advice is to be aware of what’s going on and keep an extra keen eye on your WordPress projects.
To those whose businesses rely on WordPress, all I can do is send my deepest sympathies. You’re going through a tough time right now. My advice to you is to frequently keep your clients in the loop with what’s happening and your response to these extremely turbulent times. All the best to you, too!