WordPress veterans launch FAIR project to tackle security and control concerns

The WordPress community is concerned about a critical "supply chain security" vulnerability at the core of the platform, which powers over 40% of websites online. A new project, FAIR Package Manager, aims to eliminate this vulnerability by enabling hosting companies and organizations to run their own mirrors of WordPress's core update, plugin, theme, and translation servers. This would replace reliance on WordPress.org, which is controlled by Matt Mullenweg. The project emerged in response to Mullenweg's controversial moves, including cutting off access to WP Engine and accusing it of extracting hundreds of millions of dollars in value from the open-source platform without adequate contributions. The FAIR system offers an alternative that remains fully compatible with WordPress but operates independently from WordPress.org. Over 100 contributors from more than 10 organizations have been involved in building FAIR over the past six months. The Linux Foundation is providing neutral oversight, and a technical steering committee has been created to avoid centralization. The project aims to strengthen security, reduce costs, and open new commercial opportunities for software that millions depend on for web hosting. The FAIR repository is already live on GitHub and accepting contributions, and the project team plans to move forward regardless of Automattic's participation. The goal is to provide a reliable backend for WordPress, which is a critical piece of infrastructure for communication and organizations that rely on it.