Automattic’s Marketing Lead, Nicholas Garofalo, has announced that WordPress is adding a new element to the Community Code of Conduct: Publishing private messages without consent. This addition expands the examples of unacceptable behaviors in the Community Code of Conduct to six.
He pointed out that “Sharing private communications without permission is a clear violation of professional integrity. This new addition ensures that private messages receive the same level of protection as personal information and that sensitive communications shared in confidence will not be disclosed without prior consent… This change encourages honest, constructive engagement across all levels of participation.”
He continued, “The strength of our community lies in the trust we place in one another. By clarifying and reinforcing our expectations, we are taking another step toward maintaining an inclusive, respectful, and safe environment for everyone.”
Code of Conduct is based on the Contributor Covenant, version 2.1 and now includes six examples of unacceptable behavior.
- The use of sexualized language or imagery, and sexual attention or advances of any kind.
- Insulting or derogatory comments, taunting or baiting, and personal or political attacks.
- Public or private harassment.
- Publishing others’ private information, such as a physical or email address, without their explicit permission.
- Publishing private messages without consent.
- Other conduct which could reasonably be considered inappropriate in a professional setting.
The new addition takes effect immediately, with violations handled according to the existing enforcement guidelines. The sole exception is when private messages are shared to report concerns to the Incident Response Team.
Yoast-sponsored WordPress Core contributor Carolina Nymark shared her experience in X, “I am one of the people who’s private WP Slack messages have been screenshotted and made public. In my case it was a harmless joke that was shared, but it should go without saying that you don’t share private messages.”
@gsusMad tweeted, “Attacking transparency (leaks) with transparency (CoC) as a way to show commitment to a respectful and inclusive community doesn’t feel right. If that wasn’t obvious when making the move, it’s a sign of a spiral where truth has likely become a second-class citizen, which I’m not sure aligns well with your core values.”
“These sort of clauses make sense as long as they have a whistleblower clause. Public service whistleblowers are protected by law, I’d like to see these CoCs extend those capabilities to themselves and their communities personally.”, shared Nicholas Griffin, a Software Engineer.
Steve Daniels tweeted, “This is vile. WordPress is changing its code of conduct to protect those who attack others in private messages by banning them from sharing the evidence. Only an abuser would create or condone such activity.”
Former Incident Response Team member Megan Rose shared her concerns about the new changes. She said, “I worry that this new rule could enable abuse to happen in private at a time when the public trust of the IRT could potentially be in flux due to turnover or other factors… I wanted to publicly encourage caution with this new rule.”
Megan Rose also echoed concerns shared by others regarding how this rule may intersect with whistleblower and labor laws.
Angela Jin, who was the Head of Programs & Contributor Experience at Automattic, shared her thoughts on Community Code of Conduct, “Focusing on the WordPress Code of Conduct, this latest change is something that most people under regular circumstances, will likely readily agree to. However, it contradicts my experience with the Community and Incident Response Teams. We generally tried to avoid making very specific “don’t do this” type rules, opting instead for behaviors we wanted to encourage… The timing is also suspect, or right, given everything happening in WordPress at the moment. It depends on how you prefer to view it.”