WordPress is the incredibly popular blogging-come-full-website platform that powers over 835 million websites* in 2024.

It’s functionality is extended by plugins, and one such very popular plugin is Advanced Custom Fields, which is used on over 2,000,000 sites across the world.

ACF announced a while ago that they were making a change to how the plugin works. (Don’t worry if this next bit means nothing to you.) From ACF 6.2.5, use of the ACF Shortcode to output an ACF field is escaped by the WordPress HTML escaping function wp_kses. With the release of ACF 6.2.7 – which happened late this month – escaping some HTML also applies to other functions where ACF handles outputting the value of a field, namely the the_field() and the_sub_field() functions. 

This was a breaking change, and a breaking change on a plugin used by over 2,000,000 websites is no small deal. But ACF handled it brilliantly (to my mind), announcing it beforehand and even ensuring that the plugin told you in Admin if you were going to be effected by the upcoming changes in 6.2.7. (But don’t beat yourself up if you didn’t notice the warning – it does sound pretty techy, I appreciate.) Of course it was in their best interests to handle it well, as it meant they couldn’t face a backlash from broken site owners – or even people claiming not to have seen an email about it, as they let you know via a message in your site’s admin.

This heads up though meant that we could check all of the sites we’ve built and look after, and ensure they were ready for the change before it happened. Luckily what it changed didn’t effect the sites we build, but it did effect a few of the sites we’ve inherited that other people built.

So if you’ve recently upgraded ACF and have noticed some content on your pages looking skewy, down right broken, or just missing, then it could be because of this breaking change. Contact your developer and ask them to update your ACF implementation and you’ll be right as rain again.

It’s also very important to keep your plugins up to date, as WordPress Core is very secure, it’s 3rd party vunerabilities which can let in hacks and compromises – as we’ve seen this year already.