One question that has come up a lot recently when the situation with Matt Mullenweg and WP Engine, is who is the bad guy? Considering that Matt Mullenweg is engaged in a now very public extortion campaign against WP Engine, they are clearly a victim. But that doesn’t mean they are good guys. Sometimes they are the bad guys alongside Matt Mulleweg’s company Automattic.
In July of last year, we covered a situation where WP Engine was falsely claiming that a popular WordPress plugin contained a vulnerability. (Because everything is related, the developer of that plugin has become another victim of the current mess.) The cause of the false claim was that WP Engine didn’t actually vet vulnerability claims. Instead, they used a source well-known to not be a reliable source, WPScan. WPScan is owned by Automattic. [Read more]