Slide 1

What’s Fair is FAIR: A Decentralised Future for WordPress Distribution

Reinventing WordPress package management for plugins and themes – with transparent governance and open to all.

fair.pm

© 2025 Ryan McCue, CC-BY-NC

Slide 2

Ryan McCue

● VP of Product, Human Made & Altis
● TSC Co-Chair, FAIR Project
● WordPress Core committer, security team member

Formerly

● Creator & Co-Lead, WordPress REST API
● Creator & Maintainer, Requests for PHP
● Project Lead, SimplePie

Slide 3

What is FAIR?

Slide 4

Federated And Independent Repositories

Slide 5

Our goal: improve security in software distribution and establish a model where no single entity controls the supply chain

Slide 6

FAIR is part of

With 40+ organizers (committers and contributors)

Slide 7

1) Technical Independence

● A full replacement for WordPress.org
● Improved privacy and updated functionality

2) Package Management

● Plugin and theme installation and updates without central servers
● Freedom for developers to choose their host
● Same focus on usability, improved security

Organisation: The FAIR Web Foundation

A series of the Linux Foundation.

● “Technical Side”: Technical Steering Committee and Working Groups
● “Business Side”: Board and Technical Advisory Committee

Shipped in June

Launched this week!

Slide 8

Why FAIR?

Slide 9

WordPress depends on WordPress.org

Slide 12

WordPress depends on WordPress.org

Slide 13

We WordPress depends on WordPress.org

Slide 14

So how do we fix it?

Slide 15

Technical Independence

Slide 18

BROUGHT TO YOU BY WordPress

Slide 20

Released 2017 Released 2016 Released 2017

Slide 22

Browserslist

The modern replacement

● Industry standard: Browserslist is used in tools like Webpack, Babel, and many others.
● Checks run entirely on-site: No browser data ever leaves your WordPress site, preserving user privacy.
● Actually maintained: Browserslist works automatically using browser usage data and official APIs.

Slide 25

Defunct

Slide 26

Defunct Defunct Defunct

Slide 27

Defunct Defunct Defunct Automattic

Slide 28

IndexNow

The modern replacement

● Open industry standard: Spearheaded by search engines including Bing (whose data also feeds DuckDuckGo and others).
● Decentralised: Each IndexNow member accepts pings and forwards them to all the others.
● Actually useful: IndexNow is actively supported by real search engines in use today.

Slide 31

Package Management

How plugins and themes get distributed

Slide 36

Problem #1: Third-party packages can’t be installed.

Plugins and themes can only be updated from these third-party sources, not installed directly. The only place new packages can be installed from is WordPress.org.

This creates a terrible user experience, since there’s no place you can find all of the available plugins/themes at once.

Slide 37

Problem #2: Every plugin works differently.

Every plugin developer has to invent their own solution to this problem by hijacking the WordPress update system.

This creates a burden of work for developers to build their own solution, or bundle one of the many, many libraries. It also can hurt site performance with duplicated code doing the same thing.

Slide 38

Problem #3: It’s hard to stay safe.

Plugins and themes from external sources have unclear moderation and safety checks applied to them.

While WordPress.org doesn’t catch every problem, it has a moderation team who can monitor and manage plugins. This moderation doesn’t apply anywhere else.

Mirrors of WordPress.org could also be unsafe, since there are no guarantees that packages haven’t been changed.

Slide 39

Problem #4: Developers can’t offer or use alternatives.

Every developer has to use WordPress.org if they want to get access to new users via the plugin install screen. This gives WordPress.org an immense amount of power, going against the goal to Democratize Publishing.

As we’ve seen, WordPress.org is apparently not an official WordPress Foundation website; it’s just a personal website. This places control in one person’s hands.

There’s no ability for developers to run their own hosting and move off of WordPress.org.

Slide 46

New challenges

1. Analytics & Feedback: If packages are hosted anywhere, how do we know what’s popular? How do we get reviews?
2. Moderation & Safety: How do we block malicious or vulnerable packages?
3. Provenance: How do we make sure users are getting the real package, not a fake one?

Slide 47

Problem 1: Analytics & Feedback

Slide 49

Problem 2: Moderation & Safety

Existing decentralised social media is already solving some of these issues. What if we copy them?

Slide 50

Problem 2: Moderation & Safety

Slide 52

Problem 2: User Choice

Select how you want to handle it

Slide 53

Problem 2 & 3

Our Approach: Built-in Moderation & Cautious Federation

1. Moderation by FAIR: Turned on for all as a baseline level of protection.
2. Other labelers can be used too: Allows an ecosystem to form.
3. Careful choice of which repos to federate with: Expanding over time as we add more layers.

Slide 54

Problem 3: Provenance

Making sure users get the “real” package

1. Domain Validation: Tie plugins directly to domains, like social media handles.
2. Host Information: Shows where it’s hosted.
3. Unique IDs: Globally unique IDs can be verified.
4. And more…

Slide 55

Problem 2

Slide 56

Problem 2

Provided by FAIR

Slide 57

Organisation & Structure

How the project comes together

Slide 58

How do we create open, transparent governance which supports and balances commercial and community with structures to make clear consensus decisions?

Slide 60

Technical leadership

Frequent contributors are nominated to the Technical Steering Committee (TSC). Every member of the TSC is able to vote in leadership elections and other votes.

The TSC elects three co-chairs for staggered terms.

Decisions are made with lazy consensus where possible, with co-chairs able to mediate and make a final call where needed.

Slide 61

Governing Board

“The Business Side”

Paid sponsors through the Linux Foundation comprise the governing board.

The governing board advises the project direction, helps to review the roadmap, and directs funds towards project efforts.

FAIR is part of

Slide 64

Projects & Contributing

Slide 65

FAIR Package Manager Projects

The components making up the network

● FAIR Plugin: User-installable plugin for your WordPress site, connects to the network. Includes technical independence functionality. github.com/fairpm/fair-plugin
● Mini FAIR Repo: Self-hostable repository to host your own packages on a WP site. Integrates with Git Updater, others coming soon. github.com/fairpm/mini-fair-repo
● AspireCloud: Mirror of WordPress.org. Transforming into our discovery aggregator. github.com/aspirepress/AspireCloud

Slide 66

Other Projects & Places to Contribute

● AspireExplore: Public directory for all the packages indexed by AspireCloud.
● Future: Analytics Service. Centralised, neutral analytics service providing data equally to everyone.
● fair.pm Website: Documentation, news, and policies from the FAIR team.
● Future: Moderation Tool. Our built-in moderation service, building off Bluesky’s Ozone labeler project.

fair.pm
github.com/fairpm
chat.fair.pm
fair.pm/packages

Slide 67

Thank You!

fair.pm
github.com/fairpm
chat.fair.pm
rmccue.io
🦋 @rmccue.io

Slide 68

License

These slides and any original materials such as diagrams are licensed under CC BY-NC 4.0.

Credits

Photo Credits

Slide 1: Photo by Markus Spiske on Unsplash
Slide 49: Diagrams and screenshots from https://docs.bsky.app/blog/blueskys-moderation-architecture and https://bsky.social/about/blog/03-12-2024-stackable-moderation
Slide 53: Photo by Joe Dudeck on Unsplash
Photo by NASA on Unsplash
Slide 66: Photo by Shane McLendon on Unsplash