Potential Supply Chain Breach Identified with Advanced Custom Fields Plugin

Last Updated on 

October 16, 2024

 by 

Ryan T. M. Reiffenberger

We have recently identified a potential supply chain breach affecting the Advanced Custom Fields (ACF) plugin due to a change in control of the update servers responsible for delivering updates to WordPress installations.

Message from the Plugin Developers

Our ACF plugin has been taken over forcibly by wordpressdotorg without our consent.

If you are a WP Engine, Flywheel or ACF PRO customer, you do not need to take any action and will continue to get the latest from the ACF team.

If you have a site managed elsewhere using ACF, in order to get ACF updates you must perform a 1-time download of the genuine 6.3.8 version to remain safe in the future. The update servers for wordpressdotorg are no longer controlled by the ACF team.

You’ve been trusting ACF for over a decade. The experts that maintain ACF will continue to support and enhance the capabilities that our users love and trust.

Actions Taken by Falls Technology Group

To address this issue and safeguard our clients, we have taken the following steps:

  1. Deactivated all instances of Advanced Custom Fields, including both up-to-date and out-of-date versions, to prevent any unauthorized actions.
  2. Identified and removed all traces of the ‘Secure Custom Fields’ plugin fork that had been uploaded in place of the legitimate ACF plugin by the compromised update servers.
  3. Manually uploaded a certified ZIP of the official ACF plugin, directly provided by WP Engine developers, and reactivated the plugin across all relevant installations.
  4. Performed thorough validation checks on all sites to ensure plugin stability and functionality post-update.
  5. Issued a global cache purge to clear any caching errors that may have been created during this process.

We have disabled future automatic updates for this plugin until the situation is fully resolved and will continue to monitor for any further developments.

Increase WordPress Performance For FREE With These Tips!

Sign up for our FREE email series and improve your website load speeds!

Thank you for your trust in Falls Technology Group. We will provide ongoing updates through this post as the situation evolves.

Please stay tuned to this post for further updates on the situation below this line.

Announcement Updates

October 14th, 2024 – 2:20 AM CT
A note from Falls Technology Group on the ongoing WordPress Conflict. As many of you know, we at Falls Technology Group have a passion for open-source technology, and the communities and values they espouse. It is our belief that open-sourcing technology, and inviting community development helps lay the foundation for stronger development practices, easier contributions from developers all over the world, and advancing technologies that power every reach of the most fundamental parts of our internet.

The recent developments between WordPress[dot]com and WP Engine bring up rising concerns about the nature of open-sourced software as a whole and the involvement of corporate companies within these projects. Staying true to our mission of ensuring that the internet can remain easily accessible to everyone, we will continue to work to democratize access to WordPress for our clients and to ensure that the continued and retained ownership of their intellectual property and control of their website remains within the hands of our clients, and not at the mercy or whims of a corporate company and the leadership driving it.

We remain confident that the future of WordPress as an open source content management system is positive, and look forward to contributing to the WordPress community and ecosystem in a positive way to help further development of the internet as a whole.

October 16th, 2024 – 5:30 PM CT
Update. The Advanced Custom Fields development team has released a few resources that we want to ensure are available to our clients and other WordPress users. It is recommended that users install the WPE Secure Update Plugin utilizing the latest version available on their site here. Our team will continue to perform manual updates until we can certify internally that a batch installation of this plugin will not interrupt sites on our infrastructure.

WordPress Hosting by A Team Who Cares

Our developers are incredibly passionate about the WordPress and open-source ecosystem. Build your website on a rock-solid infrastructure run by a team who will ensure your WordPress installation remains YOURS.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission.

Leave a Reply

Your email address will not be published. Required fields are marked *

Article Overview

Share This Article

Share
Tweet
Share
Email

Start Your Next Project.

Curious about how we can help? Grab a time to chat below and we’ll help you identify the right steps to get your website goals accomplished.

Select A Portal

FTG Hosting

portal.fallstech.group

Access your hosting portal to make changes to your website, domain, or manage your billing.

FTG Marketplace

www.fallstech.group

Download pre-built website kits, plugin files, or manage subscriptions to our educational courses.

Please Note: These buttons may take you away from (www.fallstech.group) to another location on our infrastructure. You will be redirected upon click.

Black Friday is Here!

Get 50% Off Your Web Hosting Account + MORE