Matt Mullenweg Responds to FAIR Project: Open Source Shake-Up at WordCamp Europe
WordPress co-founder reacts cautiously to Linux Foundation's surprise FAIR plugin repository reveal during WordCamp Europe.
6 min readHighlights
Matt Mullenweg expressed surprise over the FAIR announcement, citing it was developed “in secret” for six months.
The WordPress founder raised red flags about security, uptime, and analytics in decentralized plugin repositories.
Despite concerns, Mullenweg praised open-source innovation and remained open to future collaboration.
Source: Image designed by Martech Scholars via Canva Pro, illustrating the FAIR vs. WordPress.org plugin ecosystem debate.
Matt Mullenweg Reacts to FAIR Project at WordCamp Europe: A WordPress Power Shift in the Making?
At WordCamp Europe, a major announcement from the Linux Foundation caught the WordPress community off guard—and sparked a passionate debate around the future of plugin and theme repositories. The newly launched FAIR Package Manager, a decentralized system for WordPress plugins and themes, was unveiled just as the annual WordCamp conference got underway, instantly becoming a hot topic.
The FAIR (Federated Application and Integration Repository) aims to offer a distributed, open-source alternative to the current centralized WordPress.org plugin repository. This move introduces not just technical implications, but political and philosophical ones too—especially regarding transparency, trust, and control in the WordPress ecosystem.
As expected, Matt Mullenweg—WordPress co-founder and Automattic CEO—was asked to respond. And he did, twice. His tone was measured, even as he hinted at frustration over the surprise nature of the project’s launch and voiced strong concerns about its implications.
What Is FAIR? Why Now?
The Linux Foundation’s FAIR project seeks to decentralize plugin and theme repositories by enabling federated, mirrored repositories built on open standards. According to the official announcement made on June 6, 2025:
“…The FAIR Package Manager project paves the way for the stability and growth of open source content management, giving contributors and businesses additional options governed by a neutral community…”
While the FAIR project is ambitious and aligns with the broader open-source movement, its timing and delivery stirred controversy. The announcement was dropped in the middle of WordCamp Europe—a global gathering of WordPress developers, designers, and enthusiasts—without prior collaboration with the WordPress core team.
This was no coincidence. Many in the WordPress community believe the FAIR initiative is a response to recent actions by Mullenweg himself. In particular, his move to take control of certain commercial plugins, releasing his own free versions while removing existing free variants from WordPress.org, triggered widespread criticism and raised questions about centralized authority.
Mullenweg’s First Reaction: Cautiously Open but Clearly Surprised
During the Q&A session at WordCamp Europe, Mullenweg addressed the FAIR announcement within 24 hours of its release. He began by recognizing the foundational values of open source.
“That’s part of the beauty of open source—that something like this can be written using WordPress APIs,” he said.
However, his praise was tempered by concern. He emphasized that he had only learned about the project the night before and hadn’t had the chance to dive deep into its codebase.
“It did sort of drop as a surprise. It was worked on in secret for six months… but we can work past that,” he added.
This comment sparked speculation that Mullenweg felt blindsided. For a project claiming to champion openness, its launch behind closed doors struck a discordant note for many WordPress leaders.
Does the Community Want a Decentralized Plugin Repository?
Mullenweg pivoted the conversation away from personal opinions and posed a critical question: Is this something WordPress users actually want?
He acknowledged the technical challenges behind such an initiative:
“There are 72,000 plugins and themes right now. That’s about 3.2 terabytes of data—just zip files. Not even counting SVN history. If 500 mirrors pull that data, it could DDOS us.”
Beyond infrastructure concerns, he emphasized the importance of security and reliability. He highlighted that a large number of hacked websites stem from outdated plugins and stressed the need for central verification systems.
“Users want to know what’s secure, what’s trustworthy, and what’s compatible—not just where it’s hosted.”
A Second Voice: FAIR Supporter Challenges Mullenweg
Roughly 20 minutes later, another attendee—an experienced WordPress contributor—stepped up to defend the FAIR project. With 14 years on the communication team and time spent on the plugin review team, she brought strong community credentials.
“Everything we do is for plugin authors and users to make their lives easier and better,” she said.
She argued that FAIR enhances security, improves plugin discoverability, and allows developers to choose their plugin sources. Moreover, she framed it as a support mechanism for WordPress.org, claiming the FAIR mirrors could reduce load on the main servers.
“It aligns with the idea of having users and developers first in mind,” she added. “Would WordPress.org consider collaborating?”
Mullenweg’s Deeper Concerns: Complexity, Risk, and Analytics
Mullenweg again responded cautiously but didn’t hold back on the technical difficulties posed by federated systems.
“Of course we consider everything. But what you said includes challenges. Right now, a supply chain attack needs to breach WordPress.org, which has never been hacked,” he noted.
This comment drew unexpected laughter from the audience—possibly reflecting skepticism or surprise—but Mullenweg continued undeterred.
He painted a vivid picture of the added vulnerabilities and inefficiencies a decentralized system might introduce:
“Now there are N places that could be compromised. N places with uptime issues. This breaks analytics and usage stats. It complicates phased rollouts and plugin performance tracking.”
He pointed to essential features like plugin ratings, verified reviews, and PHP version compatibility—all of which depend on centralized data and moderation. Without that structure, he argued, users might lose trust.
Still, Collaboration Is Possible
Despite the clear reservations, Mullenweg was complimentary of the effort. Rather than seeing FAIR as a threat, he commended the act of creating and shipping code:
“I think it’s awesome that people are shipping code instead of just arguing or writing blog posts.”
This statement drew applause and underscored the ethos of the open-source community: Build, don’t just talk.
Mullenweg speculated that the FAIR project may become a niche tool used by a small segment of developers—or, perhaps, contain an idea that could be integrated into WordPress core or wp.org operations.
But before embracing FAIR, he emphasized the need to fully evaluate the code and infrastructure.
“I don’t want to get too far into it. I want to read the code. My colleagues should dive into it. It’s premature—less than 24 hours in—to say yes or no.”
Security, Trust, and the Future of WordPress
Mullenweg closed by bringing attention to another unresolved issue: admin banners in plugins. He questioned how FAIR would enforce policies or provide moderation across distributed platforms.
“How do we enforce admin banner rules in a distributed system?” he asked.
The community member who posed the question laughed and replied: “Maybe we should ask ChatGPT,” drawing light-hearted applause and easing the tension in the room.
Final Thoughts: A Fork in the Road for WordPress?
The FAIR project has ignited a much-needed conversation about the future of plugin distribution in the WordPress ecosystem. It’s a collision of ideals: the decentralized ethos of open source vs. the centralized efficiency and safety of the current WordPress.org infrastructure.
Mullenweg’s reaction was fair—open, yet cautious. While he acknowledged the innovation behind FAIR, he also highlighted real-world implications that cannot be overlooked.
Security, uptime, analytics, compatibility, and user trust—all hang in the balance. Whether FAIR evolves into a mainstream alternative or fades into niche adoption will depend on collaboration, transparency, and real-world testing.
What’s clear is that the WordPress ecosystem is undergoing a shift, and with powerful institutions like the Linux Foundation now directly involved, the decisions made in the coming months could define the next chapter of open-source content management.
Watch the full Q&A exchange at the 8-hour mark of the conference video:
