For WordPress, it’s been a long and brutal winter.
I don’t need to regurgitate why. You’re probably aware of the feud. If not, you can read my overview of the Automattic/WP Engine drama or listen to my recent podcast with Karim Marucchi of Crowd Favorite.
There are chills a-plenty.
The core of this battle has been a persistent lack of control and transparency. With Matt Mullenweg’s hand on the kill switch, WordPress users around the globe have been deeply concerned about the stability of their sites and apps, with many now questioning the democratized promise of this open source project.
As Karim noted in our recent chat, securing the software supply chain is absolutely crucial to ensuring the future of WordPress, which powers 43% of all sites on the Internet. In his own words, it’s simply too big to fail, and the market has been yearning for answers.
Like all things in tech, change is the constant variable. And there’s been a powerful will in the WordPress community to solve this problem for everyone, from the enterprise down to the mom-and-pop business on Main Street.
Today, we might be on the precipice of a solution. Announced this evening during a surprise on-stage appearance at Alt Ctrl Org in Basel, the new FAIR Package Manager has been released to the public and is now available at https://fair.pm.
The project – reflecting months of diligent work by roughly 200 people across a blend of participating organizations – will provide a sustainable and transparent path for a secure supply chain for WordPress, including its plugins, themes, and update infrastructure.
Along with the package comes a transparent governance model to help ensure a trusted distribution network, which will answer some of the biggest challenges in the current environment.
I caught up with Karim and Joost de Valk, the luminary behind the ubiquitous Yoast SEO plugin and an advisor to many companies in the WordPress community, to discuss the news. The two have long been partners in helping to shape and guide the open source ecosystem, and have actively pursued solutions to the current conundrum.
At a high level, FAIR is not just a software project – it’s a structural intervention, representing a new way to build open source software that prioritizes the community, respects governance, and aligns with current legislation and long-standing stakeholder needs.
On a granular level, FAIR eliminates reliance on any single source for core updates, plugins, themes, and translations, thus enabling federation across the ecosystem from trusted sources. It marshals a fragmented topology by assembling plugins from any source – not just a centralized one – while creating a firm foundation for modern security practices.
FAIR also elevates security at the supply chain level, providing improved cryptographic measures and enhanced browser compatibility checking.
Announcement of the FAIR Package Manager at Alt Ctrl Org in Basel.
The announcement was made at an apropos moment during the adjacent WordCamp EU event. Representatives from the various groups involved in this project took the stage to splash the news, which is likely to make waves over the coming days and weeks.
Attendees at Alt Ctrl Org have been invited to download, participate, and join in the movement as it looks to establish a directed fund at the Linux Foundation for supporting this project.
Karim has been actively engaging with WordPress business owners in an effort to garner support. Over the last few months, he’s noted overwhelming interest from people who have heard the idea of what “could” be, well before the tangible project was released.
“Wouldn’t it be nice if it did happen?” he mused, reinforcing the desire of people to sign up and support such an initiative if it materialized. “That's the beauty of these communities, right? If there's a real will of the people to want to make change, it happens.”
The palpable fear of an uncertain future has motivated this desire for change. That includes not only the businesses, but the builders and contributors working across the community and within the ranks of Automattic.
As Joost noted, people have been scared about the future, treading water while the recent battle has raged. This solution is a sort of digital life ring, and it’s been fully tested and is ready to deploy.
He shared a bit about how it delivers without disrupting the existing systems.
“From an architectural perspective, what’s cool about it is that we're solving a political problem with code,” he said. “It's a plugin, so it doesn't change WordPress itself. WordPress remains WordPress. We add a plugin on top of it, and we replace where it calls ‘home.’”
Joost went on to explain how this approach is also solving for compliance challenges, enabling users to manage requests outside of WordPress.org to meet some of the challenges posed by the EU’s forthcoming Cyber Resilience Act and mounting GDPR issues.
“There are a lot of these fixes that could have just happened in WordPress core that we're applying to WordPress through our plugin,” he continued. “So we're augmenting WordPress, we're improving it without changing WordPress itself.”
That should provide comfort to enterprises that have been seeking terra firma around larger governance and regulatory challenges at a global level.
I asked Joost about the institutional guardrails. This solution is the result of people and organizations within the community rather than larger entities. That brings up foundational and even philosophical questions about the project's extensibility and support, and whether we’re trading one source of consolidated control for another.
“This is exactly why we're working with the Linux Foundation,” he said emphatically. “Because we didn't want to reinvent that wheel. That wheel has already been invented a couple of times over, and the Linux Foundation has been doing it well for a couple of decades. This is not Joost and Karim doing something – this is the community doing something together with us. We’re the first two spokespeople, but there are loads more. And it's not about any single person or any single company being in control of what we're doing.”
Karim built on this, explaining how the Linux Foundation has done an exceptional job of creating a governance model by separating the funding from the technical decisions – and that has worked exceedingly well for many of their projects. This alignment has reinforced FAIR's solvency and ignited interest from the Linux Foundation to support it (the Linux Foundation has published its own press release about the announcement).
“Even the Linux Foundation was surprised at the personal activism of the WordPress community,” Karim said. “The amount of code that's been written in the last three months wouldn't have been written in any other open source community without funding, right? WordPress is unique in that way, so they worked with us, and we've made a couple of adjustments to their model to recognize the fact that we need to balance the needs of large distribution companies with the community needs, and really try to balance that – which has been amazing.”
As Joost relayed to me, this is a “tipping point” moment – not just for WordPress but for the market and industry at large. Open source and the desire for democratization are colliding with some of the institutional trends of the last two decades, and as those monoliths are being challenged, there’s rising optimism around what it can mean for users.
“There are just so many reasons why this is a good moment,” he said. “I think in many ways, we've seen ‘SaaSification’ of a lot of stuff over the last decade. And funny enough, I'm European. We're getting back from that because everybody wants to host their stuff themselves again. We want to actually own this ourselves. And I think that WordPress is, of course, in the perfect position to serve those people and actually comply with all the laws that we have in Europe.”
There’s also the reality that pricing will rapidly become a key factor in the marketplace. Tools like Shopify and Wix, which are funded and expected to deliver growth, will likely raise their fees. So many businesses are dependent on their all-in-one infrastructures, and in commerce, the margins are getting thinner. As Joost suggests, open source might become a game changer once again as enterprises and small businesses look for ways to reclaim those revenues.
“It seems cheaper now, but they're going to raise their prices,” he said. “They are going to do that because they're all PE funded, and they all need to make money, and they need to make more money than they did last year, every year, right? And I think that combination is actually a good market for WordPress in many ways, and for every open source system.”
Karim also shared his enthusiasm for what’s ahead.
“The thing I'm mostly excited about is, if this project is successful, it will create for the first time ever in the history of the internet, a content management system that is not reliant on any one commercial company,” he said, glowingly. “We will have a piece of software that is completely distributed and not reliant on any one entity. That is huge. I don't know how an AEM or a Sitecore, on-prem or in the cloud, is going to compete with a CMS that is that nimble, that configurable and composable, that you can actually say it's not open to the whims of any one company.”
Without question, this is a big moment for both of these industry leaders – and the community they represent. Will the project be as successful as their ambitions? Only time will tell. We can anticipate a lot of traction as of right now, and like all software, bugs will likely emerge.
But this could be the first major step in securing the software supply chain for WordPress and providing the necessary governance to make it sustainable.
And maybe – just maybe – finding some peace and prosperity.