ACF and WordPress: What Happened and How to Update to the Latest Version

If you use Advanced Custom Fields (ACF), you’ve likely noticed some major changes recently. WordPress.org has taken control of the ACF plugin repository, citing security concerns. For many users, this has raised questions about plugin management, ethics, and control—but for now, the focus is on ensuring your website is secure and using the latest version.

Here’s what you need to know about the changes, why they happened, and how to ensure you’re running the most up-to-date version of ACF from WP Engine.


What’s Going on with ACF?

Advanced Custom Fields, one of the most widely used plugins in the WordPress ecosystem, has undergone a significant shift. WordPress.org stepped in to control the plugin repository, citing security vulnerabilities as the primary reason for the intervention. This means that users who haven’t updated their ACF plugin recently might see a version controlled by WordPress.org rather than by WP Engine, the company that owns and maintains ACF.

This action, while justified by the need to patch vulnerabilities, has raised concerns within the WordPress community. Was it ethical for WordPress.org to take over the plugin without WP Engine’s full consent? And what does it mean for users moving forward?


How to Update to the Latest Version by WP Engine

If your ACF plugin was swapped out by WordPress, it’s important to know that you can still update to the latest version from WP Engine. Here’s how you can ensure your website is running the most up-to-date, secure version of ACF from the original developer:

Step 1: Check Which Version of ACF Is Installed

  • Go to your WordPress dashboard and navigate to Plugins.
  • Search for Advanced Custom Fields and check the version number.
  • If WordPress has swapped out your plugin, you might see a different version controlled by WordPress.org.

Step 2: Update to the Latest Version by WP Engine

  • Head to the official Advanced Custom Fields website and download the latest version directly from WP Engine.
  • Deactivate the current version of ACF installed on your site.
  • Install and activate the latest version from WP Engine to ensure you’re using the official version.

Step 3: Enable Auto-Updates for Security

To avoid these issues in the future, consider enabling auto-updates for the ACF plugin. This will ensure that your site always runs the latest, most secure version of ACF without you having to manually check for updates.

To enable auto-updates:

  • In your WordPress dashboard, go to Plugins.
  • Find Advanced Custom Fields in the list and click on Enable auto-updates next to the plugin name.

The Security Concerns: Was the Takeover Justified?

WordPress.org justified the takeover of ACF by citing vulnerabilities in older versions of the plugin. The ACF 6.3.8 security release patched these issues, but the intervention from WordPress raises questions about whether it was a necessary move or an overreach.

From a security perspective, it’s clear that WordPress.org felt the need to act quickly to protect millions of websites using ACF. Vulnerabilities in such a widely used plugin could have a large-scale impact, which is why swift action was taken.

However, for plugin developers and companies like WP Engine, the situation also highlights concerns about autonomy and control. Is it right for WordPress.org to take over the management of a plugin without the developer’s full consent? And does this set a precedent for future plugin interventions?


What Does This Mean for ACF Users?

For ACF users, the most important takeaway is to ensure that your website is secure and up to date. While this situation raises larger questions about ethics and control, the immediate focus should be on ensuring that you’re running the latest version of the plugin.

If you find that WordPress.org has swapped out your ACF plugin, you can easily update to the latest version provided by WP Engine. Keeping your plugins up to date, enabling auto-updates, and staying informed about plugin vulnerabilities will help protect your site.


Final Thoughts: Should You Be Concerned About the ACF Takeover?

The ACF takeover by WordPress.org has certainly caused waves in the WordPress community. While the security concerns seem to justify the intervention, the ethical implications are less clear. It’s important for developers and website owners to stay informed and ensure their websites are secure, but this situation also highlights the need for more transparency between WordPress.org and plugin developers.

For now, ACF users should prioritize updating to the latest version and enabling auto-updates to keep their sites secure. If you’re concerned about the future of plugin management, it’s worth keeping an eye on how this situation evolves—and how it may affect other popular WordPress plugins in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *