On April 1, 2026 - and this isn't a fish - Cloudflare officially unveiled EmDasha brand-new open-source content management system written entirely in TypeScript. Presented as the "spiritual successor to WordPress", EmDash Cloudflare aims to resolve the structural security flaws that have plagued the WordPress ecosystem for over twenty years, while rethinking what a CMS should be in the age of serverless and artificial intelligence.
For web agencies like ours, this announcement is not insignificant. Today, WordPress accounts for around 43 % of the world's websites. Every time a serious competitor emerges, our entire industry has to ask itself the question: should we take an interest now, or wait? Here's our full analysis ofEmDash Cloudflareits promises, its limits, and what it means in concrete terms for web professionals.
The WordPress security problem that EmDash wants to solve
Cloudflare's starting point is a damning observation: 96 % of security vulnerabilities affecting WordPress sites come from extensions. The reportort Patchstack 2024 lists almost 8,000 new vulnerabilities discovered in the WordPress ecosystem in 2024 alone. And 2025 beat this record, with more critical vulnerabilities than the previous two years combined.
The cause is architectural. A WordPress plugin is a PHP script that runs with full access to the site's database and file system. There is no partitioning, no permissions model, no isolation. When you install an extension, you entrust it with the keys to your entire infrastructure. A single flaw in a plugin can compromise the entire site - a scenario that every web agency has encountered with its clients.
EmDash Cloudflare takes the complete opposite approach. Each plugin runs in an isolated environment called Dynamic Worker. Before installation, the plugin must explicitly declare the permissions it needs: reading content, network access, sending notifications. It's a model similar to mobile app permissions - a concept that end-users already understand intuitively.
Technical architecture: TypeScript, Astro and serverless
Where WordPress is based on PHP and requires a conventional server (Apache/Nginx, MySQL), EmDash Cloudflare is built on a radically different stack. The CMS is written in TypeScript and uses Astro as a framework frontend - one of the most performant frameworks for oriented content sites. Not a single line of WordPress code has been reused, which has enabled Cloudflare to release the project under the MIT license rather than the GPL.
Serverless architecture is a major advantage for agencies. EmDash runs natively on Cloudflare Workers (compute), D1 (SQLite database), and R2 (object storage), but can also be deployed on any Node.js server. The site automatically scales up lors of peak traffic and down to zero when there are no requests - which means billing only on CPU time actually consumed.
| Criteria | WordPress | EmDash Cloudflare |
|---|---|---|
| Language | PHP | TypeScript |
| Framework frontend | Gutenberg (blocks) | Astro |
| Plugin isolation | No | Sandbox (Dynamic Workers) |
| Hosting | Classic server | Serverless (scale-to-zero) |
| License | GPL v2 | MIT |
| Authentication | Password | Default passkeys |
| AI integration | Via third-party plugins | Native MCP server + CLI |
| Monetization | Plugin-dependent | x402 natively integrated |
AI at the heart of CMS: MCP server and Agent Skills
What sets us apart EmDash Cloudflare of the alternatives to WordPress is its "AI-native" approach. Each instance of the CMS embeds an Model Context Protocol (MCP) servera command-line tool, and a set of skills called Agent Skills. These tools enable AI assistants to directly drive the CMS: content migration, theme creation, field restructuring, plugin development.
In concrete terms, a developer can point an AI code agent at his EmDash site and ask it to build a complete theme or migrate WordPress articles. Typed APIs and structured documentation make this process far more reliable than with WordPress's historique architecture. Joost de Valk, creator of the popular Yoast SEO plugin, called EmDash "the most interesting thing to happen to content management in years".
For a web agency, this approach opens up interesting prospects for automation and productivity. The repetitive tasks of configuration, migration and customization could be largely delegated to AI agents - provided that the ecosystem EmDash Cloudflare reach a sufficient level of maturity.
Native monetization with the x402 protocol
Among the most innovative features ofEmDash Cloudflarethe protocol's native support is used. x402. Co-created by Cloudflare and Coinbase in September 2025, this standard exploits HTTP code 402 "Payment Required" - a code that had existed since 1997 but had never really been used - to enable web-scale micropayments.
In practice, any EmDash site can charge for access to its content on demand, without a subscription, credit card formulaire or paywall plugin. All you have to do is configure which content is chargeable, set a price and enter a porcrypto wallet address. Payments are made in stablecoins and settle in seconds.
This model makes perfect sense in a context where AI agents consume massive amounts of web content. With EmDash CloudflareNow, publishers have a built-in mechanism for monetizing this machine traffic, rather than offering it for free. A potential paradigm shift for all content creators, even if actual adoption remains to be demonstrated.
Migration from WordPress: how it works
Cloudflare has anticipated the migration issue. EmDash supports the importation of WordPress sites in two ways: by uploading a standard WXR export file, or by installing the EmDash Exporter plugin on the existing WordPress site. This plugin creates a secure, password-protected access point to the WordPress application, enabling EmDash to retrieve articles, pages, media and taxonomies.
The CMS-integrated Agent Skills are also designed to assist in the portage of WordPress themes and the conversion of Gutenberg blocks to the format Porable Text used by EmDash Cloudflare. That said, let's be realistic: a complex WordPress site with dozens of extensions, Custom Post Types and custom integrations will require substantial migration work.
Current limits: why not migrate right away?
Despite its technical qualities, EmDash Cloudflare has imporant limitations that you should be aware of before getting carried away. The current version is v0.1.0 - a developer beta, not a production tool. There is no drag-and-drop visual page builder encore. Setting up a site requires going through a terminal and manually configuring the database, which effectively excludes non-technical users.
Perhaps the most pertinent criticism comes from Jamie Marsland (Automattic): real CMS users - restaurateurs, bloggers, e-tailers - don't care about runtime isolation or scale-to-zero. They want to manage their reservations, optimize their SEO and acquire customers. The WordPress ecosystem boasts over 60,000 extensions and thousands of themes built over twenty years. EmDash is starting from scratch on this front.
There is also the question of governance. The project is licensed by MIT and open source, which is positive, but it is still run by Cloudflare. Developers will want to see concrete commitments on long-term governance before investing time in this ecosystem. The history of CMS shows that adoption depends more on the richness of the ecosystem (plugins, themes, community) than on technical excellence - Ghost, Craft and Statamic are proof of this.
What our agency has to say
At DualMedia, we work daily with WordPress for our customers. The launch ofEmDash Cloudflare doesn't change our immediate recommendation: WordPress remains today the most rational choice for the great majority of web projects, thanks to its maturity, ecosystem and unrivalled community.
But we're following EmDash very closely. The isolation-based security model, serverless architecture, native AI integration and x402 protocol provide a coherent vision of tomorrow's CMS. For experimental projects, headless sites, or customers with fortes performance edge and security requirements, EmDash Cloudflare deserves to be tested right now in its beta version.
The source code is available on GitHub under the MIT license. You can deploy preview v0.1.0 on your own Cloudflare account or on any Node.js server.
- GitHub repository : github.com/emdash-cms/emdash
- Official announcement: blog.cloudflare.com/emdash-wordpress
- Analysis by Joost de Valk : joost.blog/emdash-cms
Do you have a web project or a question about choosing your CMS? DualMedia supports you in the design, development and optimization of your websites. Contact our team to discuss it.