When it comes to the security problems with WordPress plugins, as well as many other problems with WordPress, the project’s lack of proper governance is a key problem. In addition to Matt Mullenweg, the only person that appears to have an oversight role for the project has been the Executive Director of WordPress. That hasn’t produced good results.
While not disclosed by Matt Mullenweg when he announced the position, the first holder of the position was the head of the open source division of Automattic, Matt Mullenweg’s company. The obvious conflict of interest might explain why that person never released the conflict of interest policy they promised for over a year. That person held the position from 2019 until September, when Matt Mullenweg offered a buyout to Automattic employees after his extortion campaign against WP Engine went public. They unsurprisingly operated largely in line with what you would expect from someone who is an employee of Automattic and happens to hold that title.