Cloudflare introduces EmDash, an open-source content management system designed as the spiritual successor to WordPress. This new platform prioritizes security and efficiency to address longstanding vulnerabilities in traditional CMS options.
Addressing Plugin Vulnerabilities
Data shows that 96% of WordPress vulnerabilities originate from plugins. These plugins gain full access to the database and filesystem, running without isolation from the core code. EmDash counters this by enclosing each plugin in an isolated Dynamic Workers sandbox. Plugins must declare exact permissions upfront, ensuring secure-by-design operation.
Current WordPress processes rely on manual reviews via centralized marketplaces, creating a backlog of approximately 800 plugins awaiting approval. EmDash bypasses this model, allowing developers to distribute plugins under any license. Plugins operate independently in secure environments, eliminating marketplace dependencies.
Scale-to-Zero Architecture
EmDash adopts a scale-to-zero principle, billing only for actual CPU usage during operations. The system automatically reduces to zero when no requests arrive. Senior Product Manager Matt Taylor and Senior Principal Systems Engineer Matt Kane explain, “We’ve bet on this architecture at Cloudflare in part because we believe in having low cost and free tiers, and that everyone should be able to build websites that scale.”
Frontend and AI-Native Capabilities
The frontend leverages Astro, empowering users to create custom themes, pages, layouts, components, and styles. Positioned as an AI-native CMS, EmDash integrates Agent Skills, a command-line interface (CLI), and a built-in MCP server.
Seamless Migration from WordPress
WordPress users can transition effortlessly by importing WXR files or installing the EmDash Exporter plugin. This approach simplifies the shift to a more secure, scalable platform.
