Skip to main content

WordPress has taken a significant step to strengthen privacy protections within its community by updating its Code of Conduct. The platform, which powers nearly half of all websites globally, aims to maintain a respectful and inclusive space for users, contributors, and developers alike. In a recent announcement, Automattic’s Marketing Lead, Nicholas Garofalo, confirmed that WordPress now considers publishing private messages without consent a violation of its Community Code of Conduct.

Garofalo highlighted the motivation behind the update, stating, “Sharing private communications without permission is a clear violation of professional integrity. This addition ensures that private messages receive the same level of protection as personal information, fostering honest, constructive engagement across all community interactions.” By clarifying these expectations, WordPress seeks to reinforce trust and respect across its expansive community.

The Updated Code of Conduct: Key Points
The revised Code of Conduct, which is based on the widely used Contributor Covenant (version 2.1), now outlines six specific behaviors that are deemed unacceptable within the WordPress community. The list includes:

1. Sexualized language or imagery, as well as any form of sexual attention or advances.
2. Insults, derogatory comments, or taunting based on personal or political views.
3. Public or private harassment.
4. Publishing others’ personal information (such as physical or email addresses) without consent.
5. Sharing private messages without permission.
6. Any conduct reasonably considered unprofessional within the WordPress space.

The new rule takes effect immediately, with exceptions made solely for cases where private messages are shared to report misconduct to the Incident Response Team.

Community Reactions: Support and Skepticism
The update has sparked a range of responses from WordPress contributors and the broader tech community. Some members view the change as a necessary step toward a safer, more respectful online environment. Others, however, express concern that this policy could inadvertently limit transparency and accountability, especially when reporting abusive behavior.

Carolina Nymark, a WordPress Core contributor sponsored by Yoast, shared her experience on X (formerly Twitter), saying, “My private WP Slack messages have been screenshotted and made public. While it was a harmless joke, it’s important to respect private communications.” Nymark’s comment reflects a sentiment shared by many who want to see mutual respect in the community without fear of private conversations being exposed.

Not all reactions were positive. Software Engineer Nicholas Griffin voiced a common concern about whistleblower protections, suggesting that a Code of Conduct should include clear allowances for reporting misconduct: “These sorts of clauses make sense with a whistleblower clause. Public service whistleblowers are protected by law—I’d like to see these protections extended to community members.”

Steve Daniels took a more critical stance, tweeting, “This is vile. WordPress is changing its code to protect people who attack others in private by banning the sharing of evidence. Only an abuser would support such a rule.” The comment reflects a concern that the policy could shield potential bad actors from accountability if they exploit the rule to suppress evidence of misconduct.

Calls for Caution from Experienced Team Members
Former Incident Response Team (IRT) member Megan Rose also raised concerns about the potential unintended effects of the rule, particularly on the IRT’s oversight role. “I worry that this new rule could enable abuse in private conversations, especially during times of transition within the IRT,” she stated, echoing the sentiments of others who feel the change might need further refinement to avoid loopholes.

Angela Jin, previously Head of Programs & Contributor Experience at Automattic, weighed in on the new rule’s timing. Jin noted that “this latest change aligns with the goal of creating a respectful community.” However, she acknowledged the tension between clearly prohibiting certain behaviors and focusing on constructive actions the community should take. Jin’s comment suggests that while the change is well-intentioned, some community members may prefer broader guidelines rather than specific prohibitions.

What’s Next for WordPress Community Standards?
As WordPress evolves its Code of Conduct, this update marks a notable shift in its approach to fostering a respectful and collaborative community. The immediate enforcement of the new rule underscores WordPress’s commitment to safeguarding its community from privacy breaches. Nonetheless, the mixed community response highlights the need for continued dialogue around transparency, accountability, and how best to balance them within a digital space.

For WordPress, this update represents more than a policy change—it’s a reminder of the complexities involved in fostering a diverse global community where respect, trust, and safety remain foundational values. The response from the community will likely influence future iterations of the Code of Conduct as WordPress navigates these evolving challenges.

Aaron Fernandes

Aaron Fernandes is a web developer, designer, and WordPress expert with over 11 years of experience.