Cloudflare announced a new content management system called EmDash that it says is the “spiritual successor to WordPress.” Could EmDash be your next content management system? Here are six reasons why EmDash may be the content management system of tomorrow… but not today.
1. EmDash Is Not User Focused
Cloudflare’s biggest selling point for its new CMS, as stated in the title of the announcement, is that it solves the WordPress security problem. Over 25% of the announcement focuses on discussing plugin security.
The remaining 73% of the announcement is dedicated to:
- Background information about the evolution of web development.
- Putting WordPress within the context of the history of web development.
- The technical architecture.
- Security and authentication.
- Readiness for the x402 standard, which enables users to monetize agentic website traffic.
There are over 2,700 words in that announcement, and the only part that arguably has direct importance to actual users like bloggers, businesses, and other publishers is the part about plugin security. The rest of the content is developer- and coder-focused and not user-focused at all.
There are many reasons to choose a CMS, and while security is important to businesses and online publishers, there are other reasons that are far more important.
2. The Case For Plugin Security
Cloudflare explains that WordPress plugin security is compromised because plugins are granted full access to a website’s internal files and database. This lack of boundaries means that if a single plugin has a flaw or malicious intent, it can compromise the entire site. The announcement explains that the vast majority of security vulnerabilities (96%) originate from third-party plugins.
What the announcement doesn’t say is that the vast majority of WordPress plugin vulnerabilities are not likely to be exploitable at scale. Only 17% of plugins are high severity, and of those, many of them are not installed on many websites.
Research from Patchstack WordPress security shows that in 2025:
“1,966 (17%) vulnerabilities had a high severity score, meaning they were likely to be exploited in automated mass-scale attacks.
…Furthermore, our Zero Day program found 33 highly critical vulnerabilities in Premium components, compared to only 12 in free components.”
There are many WordPress vulnerabilities discovered every day, but most of them are low risk and are found on plugins that are not widely used. If plugin security is EmDash’s main selling point, it’s not much of a selling point in the real world.
Cloudflare’s solution for improving plugin security is solid and well designed. However, a reasonable argument could be made that Cloudflare’s case for plugin security is overstating its importance in the overall scheme of what users actually need.
3. EmDash Is Built To Solve Infrastructure Problems
In a post on X, Jamie Marsland of Automattic acknowledged that EmDash offers innovative solutions but argues that its focus is on solving infrastructure issues and is not focused on the daily problems that an actual CMS user (like a restaurant owner or a recipe blogger) would be interested in.
Marsland makes the point that developers may care about “cleaner abstractions” and “isolate runtimes,” but small business owners care about things like bookings, SEO, and customer acquisition. He uses the analogy of EmDash being a “tidy desk” for people who aren’t actually looking to tidy their desks but rather are focused on using a CMS that helps them run a business.
“…when very smart people rebuild something from scratch, they tend to fix the problems they can see most clearly.
And the problems Cloudflare sees are very real:
- Plugin security (sandboxing, isolation)
- Serverless scaling
- Modern developer experience
- AI-native programmability
All of which make perfect sense… If you are looking at the world from inside an infrastructure company.
…If you are a developer, this feels like someone has finally tidied your desk. The problem is that most people are not trying to tidy their desk.
They are trying to run a business from it while:
- replying to emails
- posting on social
- updating their website
- wondering why traffic dropped”
4. EmDash May Not Be User Friendly
EmDash is built on Astro, which technically is not a CMS; it’s a web framework. EmDash wraps Astro around a graphical user interface (GUI) for content management that may feel familiar to anyone who has used WordPress. But setting it all up is not as easy as WordPress’s famous five minute setup because it can involve connecting to a GitHub repository and configuring database settings. The same is true for getting the site to look how a user wants it to look.
It has a GUI for managing content, but it does not (yet) have a point-and-click website builder the way most modern content management systems like WordPress and Wix do.
5. Command Line Interface
I’m old enough to remember what using a desktop computer in 1980 was like. The interface was essentially a command line interface, with a cursor impatiently blinking at the user, waiting for cryptic commands to make it do something. It was not until 1983 that Apple introduced a graphical user interface (GUI) that made interacting with a computer easy for everyday users.
If you like typing cryptic commands to make a computer function, then EmDash’s command line interface is for you. At this point, users won’t be able to get away from it because users currently cannot set up an EmDash site from scratch without resorting to a CLI. Even the “one-click” deployment options in the Cloudflare Dashboard eventually require technical configuration that is usually handled via the terminal.
6. EmDash Is Not Ready For Most Users
I was quite excited to read Cloudflare’s announcement about a “spiritual successor” to WordPress, but the more I read, the more it became apparent that EmDash is not the solution I am looking for. Yes, I want a fast-performing website. Yes, I want a site that is secure and won’t surprise me one day with Japanese text.
But I don’t want to deal with a CLI, and I do want an easy-to-use interface for setting up and building an attractive website for myself. EmDash is not ready for general use. It’s still in early developer beta. The version number on it is 0.1.0, so at this point it’s literally not for the average user.
Hopefully, some day it will be a viable competitor to WordPress, but EmDash is not that right now.
Featured Image by Shutterstock/Ollyy
