A coalition of veteran WordPress contributors, supported by the Linux Foundation, has unveiled a new initiative aimed at decentralizing WordPress infrastructure, enhancing supply chain security, and rebuilding trust within the community amid growing friction with Automattic, the company behind WordPress.org.
The FAIR (Fully Automated and Independent Releases) package management project will be formally announced later this month at a conference in Switzerland. It aims to enable web hosting providers and large organizations to operate their own mirrors for WordPress core updates, plugins, themes, and translations—reducing reliance on WordPress.org, which is controlled by Automattic CEO Matt Mullenweg.
Proponents say the FAIR network will improve security, reduce costs, and open new business opportunities for the millions who depend on WordPress-powered hosting.
The project was conceived in response to recent controversies involving Mullenweg. In September, he cut off access to the popular WordPress hosting provider WP Engine, accusing it of profiting billions from the open-source platform without giving back adequately and alleging trademark violations that caused confusion. Following this dispute, about 150 employees departed Automattic after being offered buyouts by Mullenweg.
“Last October, when Automattic took over some functions of WP Engine’s products in the ecosystem, we received calls from chief legal officers of some large clients, expressing that this represented a supply chain security issue,” said Karim Marucchi, CEO of enterprise agency Crowd Favorite and a lead FAIR project initiator.
Around the same time, Yoast SEO founder Joost de Valk reached out to Mullenweg. While he agreed WordPress needed a fairer contribution model, de Valk disagreed with Mullenweg’s approach. “After that, communication pretty much stopped because I didn’t agree with his view,” de Valk explained.
A central issue is WordPress.org’s monopoly over updates and extensions for every WordPress site. “We realized a lot of the ecosystem is beyond our control,” de Valk noted. “One big concern is that WordPress.org is not part of the WordPress Foundation but is privately owned by Matt, who treats it like his personal website.”
WordPress Executive Director Mary Hubbard emphasized that users have always retained control over how and where their sites receive updates, a flexibility available since WordPress’s inception. “The beauty of WordPress and open source is that people can completely control how they run it and modify it,” she told Fast Company.
The FAIR system offers a fully compatible alternative that operates independently from WordPress.org. “It’s still 100% WordPress, just a different distribution,” said de Valk. Rather than a fork, FAIR provides server components that anyone can run. Over 100 contributors from more than 10 organizations have participated in FAIR’s development over the past six months, with the Linux Foundation providing neutral oversight.
Hubbard pointed out that some major hosts like Newfold/Bluehost have already implemented custom mirrors, and that WordPress’s update system has always allowed users to modify update sources. “The important thing is users know where updates come from and have the option to change it,” she said.
Mike Dolan, Senior Vice President of Legal and Strategic Programs at the Linux Foundation, highlighted WordPress’s importance as critical communication infrastructure for organizations relying on it for websites, content management, blogging, and media. “To maintain a system like this, you need a reliable backend,” he said.
To avoid centralization, the Linux Foundation has established a technical steering committee co-chaired by longtime WordPress leaders Carrie Dils, Mika Epstein, and Ryan McCue. McCue, architect of the WordPress REST API, called FAIR “a platform powering WordPress’s next several decades” and stressed the community has become “fractured” and needs reunification.
Dolan echoed this view, praising FAIR’s organic, community-driven nature. “This is the product of the community—lifelong contributors who want to build it and move forward together,” he said.
Jory Burson, Linux Foundation Vice President of Standards and FAIR participant, expressed hope that FAIR would “reintroduce and revitalize the community,” which she noted has suffered from low morale. “This will excite people and help lift some negativity and drama,” she added. “We want to highlight the very positive future WordPress still has.”
Despite FAIR’s origins in frustration with Automattic’s control over WordPress.org, supporters insist it is not a competitive fork. “When we launched on Friday, the first thing out of everyone’s mouth was, ‘We’ll make this code available to Automattic, WP Engine, GoDaddy, Newfold—everyone,’” Marucchi said.
If widely adopted, FAIR would allow developers to simultaneously release free and paid plugin versions under the same signed package—a capability currently barred by the official WordPress plugin repository. “This opens the door for innovation and makes it easier to build businesses around plugins while delivering great user experiences,” de Valk said.
Still, Hubbard cautioned that fragmenting WordPress’s core infrastructure could cause more issues than it solves, such as disrupting update flows, increasing server load, and undermining plugin compatibility telemetry. “If this work brings improvements—like signed updates or better rollback systems—we welcome it,” she said. “But it must be approached with the same long-term caution we have applied before.”
The FAIR codebase is now open on GitHub, inviting community contributions. Automattic’s participation remains uncertain, but the project team plans to move forward regardless. “We’re dealing with a community that has faced trust challenges in the past and is seeking stability,” Dolan said. “They want neutrality. They have things they want to accomplish.”
Related Topics
- Automattic Resumes Full WordPress Contributions
- WordPress Warned of Credential-Stealing Cache Plugin
- Motors WordPress Theme Flaw Allows Unauthorized Admin Access
