How to Stop Your Plugins & Themes from Being Used on WordPress.com Hosting

In recent months, the WordPress® community has faced increasing challenges stemming from nuclear decisions made by Automattic’s CEO, Matthew Charles Mullenweg.

During WordCamp US 2024, Mullenweg launched what he referred to as a “nuclear” war against WP Engine – a dick move that showed everyone what type of person was really in control of WordPress®.

This public display of hostility toward a core part of the WordPress® ecosystem has left many of us questioning the future of the open-source project.

WordPress® has always been about freedom: freedom to innovate, freedom to share, and freedom to choose.

However, recent restrictions imposed on developers and hosting providers associated with WP Engine have undermined these principles.

So let’s do something about it 😎

Restricted plugin access for WordPress.com users

As a direct statement against these actions, you can add a simple script to your plugins to stop them from being used on WordPress.com hosted websites – a platform that has increasingly prioritized control and cash over collaboration and community.

Let’s break down the code you can use in your plugins and themes to take a stand against the BDFL formerly known as Matthew Charles Mullenweg.

The Code

The utility code prevents your plugins and themes from being activated or used on WordPress.com-hosted sites.

It’s designed to detect the WordPress.com environment, deactivate your plugin or theme automatically, and display appropriate notices to users.

You can install it with composer via Packagist.

WPCom Check composer install script

You can also find the code in it’s GitHub repository to review in detail.

How the Code Works

Centralized Helper Class

The WPComPluginHandler class encapsulates all the key functionality:

  • Environment Detection: The pluginCheck method checks for the IS_WPCOM constant to determine if the site is hosted on WordPress.com.
  • Plugin Deactivation: If the site is hosted on WordPress.com, it ensures the plugin is deactivated and a deactivation notice is saved in the database.
  • Scoped Execution: The deactivation logic runs only in the admin context, ensuring frontend performance is unaffected.

Automatic Deactivation

The autoDeactivate method is hooked into the plugins_loaded action, which runs after all plugins are loaded. If WordPress.com is detected, it deactivates the plugin automatically without further user interaction.

User Feedback

  • Admin Notice: When the plugin is deactivated, an admin notice is displayed to inform users about the reason for deactivation and provides a link to learn more.
  • Activation Block: The activationCheck method hooks into the plugin activation process and blocks activation on WordPress.com sites. Users are shown a detailed error message explaining the restriction and a link to additional information.

Improved Code Structure

  • Namespace Usage: All code is namespaced under RobertDevore\WPComCheck to prevent conflicts with other plugins or themes.
  • Reusable Design: By centralizing logic in a class, the functionality is modular, easy to maintain, and reusable across multiple plugins.

How to Use the Class

Developers can integrate this functionality into their plugins with minimal effort. The only requirements are:

  1. Instantiating the WPComPluginHandler class in their plugin file.
  2. Providing the plugin slug and a link for users to learn more about the deactivation reason.
Vince McMahon - Rejected WWE Gif

Why Use This Code?

Take a Stand for the Community

This script isn’t just about restricting your plugin.

It’s a statement against the centralization and overreach demonstrated by WordPress.com and Automattic’s (lack of) leadership.

WordPress® developers deserve a level playing field – free from monopolistic B.S. that stifles innovation and community growth.

Easy to Implement and Reuse

With the  wp_com_plugin_check  helper function, this script is designed to be reusable.

You can drop it into any plugin with minimal modifications, simply updating the plugin slug, function prefixes and link to your custom “Learn More” page.

Practical Benefits

  • Protect your plugin’s integrity by ensuring it isn’t used on a platform that undermines open-source values.
  • Clearly communicate your stance to users with professional and actionable feedback.
Snoop Dogg - All money ain't good money - GIF

BRB, I got a LOT of plugins to update 😎

Comments

16 responses to “How to Stop Your Plugins & Themes from Being Used on WordPress.com Hosting”

  1. webverts Avatar

    I agree what Matt did is shit but what you are proposing here is also the same?
    He blocked WPengine users, you doing the same with wp.com users.

    In the end it’s the end users who gets affected.

    1. Robert Avatar

      Matt stops an entire hosting company from using wp.org to update their clients themes and plugins.

      I’m a solo developer choosing to not let his hosting company benefit from users being able to install and run my free plugins.

      Not the same, not even by a long shot 🤷‍♂️

      1. webVerts Avatar

        I 100% agree, you’ve every right to do that. And have already mentioned the approach Matt did is wrong.

        > I’m a solo developer choosing to not let his hosting company benefit from users being able to install and run my free plugins.

        I’m just replacing few texts here.

        Matt as a owner of WP.org website, choosing to not let (WP Engine), benefit from users being able to install and updates plugins for free.

        If you believe your approach is correct, then I’d have to agree that Matt’s approach is also valid.

        Also considering the fact that there are multiple plugins of your in WP.org, this approach might only result in delisting it there in the first place.

        1. Robert Avatar

          I’m not worried about being delisted there, I don’t have plans on continuing to update my plugins there.

          WP.org is “technically” Matt’s, but it’s been the central hub of the entire WordPress Community who (right or wrong) assumed it was a community site, and acted as such.

          His blatant disrespect of the entire community, the obvious money grab against WP Engine and the list of other offenses he’s racked up have brought us to this point.

          Cause and effect.

          1. VisualMatter Inc. Avatar
            VisualMatter Inc.

            Similar to the previous commenter. You’re not that different to Matt.

            Matt blocked WPE. Now you block .com.

            Ironically, your action potentially damages the WordPress ecosystem like. Why?

            1. Every plugin that works within WordPress has to be under GPL. With that being said, anyone can redistribute it freely without your consent as long they build their own repo. https://www.gnu.org/licenses/gpl-3.0.en.html.

            2. You’re not willing to update the plugin “intentionally.” As we all know, this means that it can pose a vulnerability risk to users who install your plugin.

            If you think that for a second, it would become more chaos. Who blatantly disrespect the community now? WP.org/Matt, WPEngine, or you?

          2. Robert Avatar

            > 2. You’re not willing to update the plugin “intentionally.” As we all know, this means that it can pose a vulnerability risk to users who install your plugin.

            Not even remotely correct. The code I published stops the person from ever installing it. If there’s a vulnerability in the plugin, this code is actually keeping wordpress.com users safer by not allowing them to install it 😎

  2. JDM Avatar

    It is clear that Mat needs a new vocation. As a former WP VIP Enterprise and VIP Go customer, his claim that WPE is offering a “hacked up, bastardized simulacra of WordPress” is quite a joke. Anyone that has hosted with Automat(t)ic knows this to be high irony.

    I applaud your efforts, Robert. It may be a small step but a little spit in the eye of a tyrant is a good thing, in my opinion.

    Have a safe and prosperous new year

    1. Robert Avatar

      Thank you, I’m just trying to do my small part in the grand scheme of things, so I’m happy to see it being well received. And agreed, a little spit goes a long way 🤘

  3. Tamara Godess Avatar
    Tamara Godess

    Great work but do you think you are some kind of Mini Matt? What kind of ego one must have to write a code like this? these plugins are not even known enough though.

    1. Robert Avatar

      “These plugins are not known enough though” … Which plugins? Mine?

      If you’re looking at this from a “my plugins, my code, my ego” standpoint, then you’re missing the entire point of this code being released.

      Today, it may just be me loading my plugins with this code. Tomorrow? Who knows.

      It’s an idea. It’s out there, and it’s not just mine – it came about in the first place during a discussion on Twitter between WP Community members.

  4. John Ogden Avatar
    John Ogden

    WordPress was originally released May 27, 2003. I began using it sometime in 2005. I still use it daily today on a number of sites.

    I am reminded of Caldera, also in 2003, which was rebranded SCO Group, and was run by Darl McBride. That absolute piece of (doodoo) went over the top, above and beyond, whining in a lawsuit that UNIX code was in Linux, and did everything he could to destroy Open-Source, claiming it was just a way for greedy people to steal other people’s code and make money off of it. It drug on for darn near a decade before he finally lost and was sent off with his tail between his legs when the court slapped him off his high horse. I’m 52 and remember it very well. If you don’t, here is the Wikipedia article:

    https://en.wikipedia.org/wiki/SCO%E2%80%93Linux_disputes

    I remember thinking way back in 2005 that Mullenweg was a prime candidate for similar trash-talk, claiming others were benefitting from him, even though what he released was allegedly “free and open-source software” and that he would do a money grab at some point…

    And here we are… Mullenweg pulled a McBride. He whined his way into a lawsuit, making outrageous claims, and undermining Open-Source to suit his own $$$ agenda. So far the courts are reacting quicker to Mullenweg with a Cease and Desist than they did McBride. But the end result will be the same… Mullenweg will be sent off with his tail between his legs.

    People like you are helping add a little sting to his eventual humiliation.

    1. Robert Avatar

      “I began using it sometime in 2005. I still use it daily today on a number of sites.” – same ✊💯

      Thanks for the comment. I’m happy to do my part, no matter how small it is 🙏

  5. ArleyM Avatar

    It’s poetic. Leadership is influence – Matt has been the leader, he sets precedent, tone, and culture of the community, and this is a natural progression for our community. He leads us to division. He leads the core development to a stall. Taking the “nuclear option” metaphor to the next level, this is symptoms of radiation sickness, it’s just getting started.

  6. Braidin Avatar

    hey Robert, I do agree as this can help alot of developers, in future, as well as myself. also I would like to work with you on a project to create a Theme, please do email so we can talk more.

Leave a Reply

Your email address will not be published. Required fields are marked *