Secure Custom Fields: A New Era for WordPress
In a groundbreaking move for the WordPress community, the plugin Advanced Custom Fields (ACF) has been forked into a new plugin, Secure Custom Fields (SCF).
The WordPress community has made a significant change by forking the Advanced Custom Fields (ACF) plugin into a new plugin called Secure Custom Fields (SCF). This update not only boosts security but also improves the user experience for developers and site owners.
What is Secure Custom Fields?
Secure Custom Fields (SCF) replaces ACF. Specifically, it fixes important security issues and removes commercial upsells. Thus, this change aims to create a safer and easier experience for developers who use custom fields in their WordPress projects.
Key Changes in the Transition to Secure Custom Fields
On October 3rd, the ACF team announced that updates for ACF will now come from their website. For users who followed ACF’s update instructions, future updates will be handled by WP Engine. Additionally, WP Engine launched a new update solution for managing plugins and themes. This solution effectively replaces the old WordPress.org update service.
For those still using WordPress.org‘s update service, transitioning to SCF is easy. In fact, sites with auto-updates turned on will switch from ACF to SCF automatically, making the transition seamless.
Addressing Security Issues
The main goal of SCF is to fix security problems found in ACF. Consequently, developers designed these updates to address these concerns with minimal impact on how the plugin works. Importantly, SCF operates as a non-commercial plugin, which means users can access its features without any extra costs.
Furthermore, the WordPress security team encourages developers to help maintain and improve SCF. This collaboration will not only strengthen community engagement but also ensure the plugin evolves effectively.
A Unique Situation for the WordPress Community
Forking ACF into SCF is indeed an unusual event, driven by legal issues from WP Engine. While similar situations have occurred before, none have been this large. Therefore, the WordPress security team does not expect this to affect other plugins, which reassures users.
Although WP Engine has shared instructions for using their version of ACF, the WordPress security team advises against it until all security concerns are fully resolved. Therefore, users can confidently uninstall ACF and switch to SCF from the plugin directory.
Looking Ahead
In related news, Jason Bahl has left WP Engine to join Automattic. As a result, he will work on making WPGraphQL a community plugin. This change promises not only more innovation in the WordPress ecosystem but also supports the spirit of collaboration.
Conclusion
In summary, the launch of Secure Custom Fields (SCF) represents an important step in WordPress development. It prioritizes security and usability. Consequently, users can trust SCF as a reliable tool for managing custom fields, making their experience safer and more efficient.
To learn more about SCF and make the switch, visit the WordPress Plugin Repository. Embrace this new era of secure customization for your WordPress projects today!