There’s really only one feature there at the moment – which is the option to override the default setting of being forced to use Gravatar to set your user profile photo. It’s turned on by default (titled as “FAIR Avatars”). However, if you prefer Gravatar for some reason, you can always revert back to it.
Aside from that, you’ll also notice a subtle, but important message on the bottom right of the screen: Updates served from the FAIR Package Manager and AspirePress.
That same message will show up in other areas of your WordPress admin dashboard – like the plugins and themes pages.
It’s just letting you know that FAIR is working and any future updates to your themes and plugins won’t come from WordPress.org. Instead they will come from FAIR and AspirePress.
In case you’re wondering, AspirePress is another open-source project with similar goals and values to FAIR. And according to this Reddit post by someone who was directly involved with building FAIR, the Aspire team was part of the process. Aspire also announced their own similar plugin the day after FAIR announced theirs. So it seems the two are working in tandem.
What’s the incentive?
If you’re not a developer or a WordPress power user, you might be wondering – why should I even install this? It’s a fair question.
For regular users, the choice to adopt FAIR is going to be more ideological than pragmatic. The plugin won’t dramatically change how you use WordPress day-to-day. However, if you care about WordPress and you believe that moving towards a more decentralized system is beneficial, then showing your support by installing the plugin won’t harm your site.
For developers, the incentives are much greater because they affect plugin distribution – in a good way. That’s because FAIR will allow developers to bundle both free and premium versions of their plugins into a single, cryptographically signed package. This could streamline user experience and create new business models.
For enterprises and hosting companies, FAIR addresses critical business concerns such as supply chain security, regulatory compliance, and risk management:
- Organizations can run FAIR behind their firewalls, maintaining full control over accessible plugins and themes.
- FAIR offers better alignment with GDPR and upcoming regulations like the Cyber Resilience Act.
- It reduces single points of failure in critical business infrastructure.
The system also introduces code signing and improved cryptographic security measures. These are additional features that enterprise clients have been requesting.
All of this sounds wonderful, but there are counterpoints to consider as well. Counterpoints that WordPress co-founder Matt Mullenweg was quick to point out on stage at WordCamp Europe.
Matt’s reaction to FAIR
Just hours after FAIR’s launch announcement, Matt Mullenweg took the stage with WordPress Executive Director Mary Hubbard in a “fireside chat” and was asked directly about potential collaboration with the project. His response revealed both diplomatic openness and significant technical concerns.
“Of course we consider everything,” Mullenweg said, “but even in what you said, I think there’s a lot of challenges to it.”
His main concerns centered on several key areas:
- Security: While FAIR aims to improve security, Mullenweg argued it could create new vulnerabilities. “Right now a supply chain attack needs to breach WordPress.org, which has never been hacked,” he noted. “But now all of a sudden there’s N places that could potentially be compromised.”
- Operational complexity: He highlighted challenges including multiple mirrors with potential uptime issues, difficulty implementing phased rollouts (like testing updates with 5% of users first), and the loss of centralized analytics that inform decisions about PHP versions and database support.
- Trust and quality control: Mullenweg argued that users aren’t necessarily asking for more download locations, but rather trust indicators: “How do I know this is trustworthy? How do I know these reviews are real? Who’s moderating? Who’s checking the IP on these different reviews? What’s the plugin rating? What’s the compatibility for it?”
- Enforcement issues: He questioned how existing policies, like restrictions on admin banners, would be enforced across a distributed system.
Despite the above, Mullenweg acknowledged the positive aspects: “I think it’s awesome that people are shipping code versus just arguing or talking or writing blog posts.” He further emphasized that he’d like to review the code before making any commitments about collaboration and mulled over the possible directions the project could take.
In my opinion, and given the short time window in which he had to process the announcement, I think it was a good response. The points he raised were also fair – pun intended.
The bigger picture
The FAIR project represents the most significant attempt to decentralize WordPress infrastructure since the platform’s creation and its implications could be far-reaching.
Whether it gains widespread adoption remains to be seen. However, its existence alone – backed by the Linux Foundation and developed by respected community figures – signals a shift in how the ecosystem thinks about governance, control, and the future of the platform that powers 43.5% of the web.
The technical challenges Mullenweg raised are also real and weren’t merely deflection points. They will need solutions. On the flip side, so are the governance and supply chain security concerns that prompted FAIR’s creation. How these competing priorities play off of one another may well shape WordPress’ future for the next decade.
What do you think about FAIR? Will you install the plugin on your WordPress sites?
