Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The safety vendor positioned EmDash as a much more safe web site constructing device that avoids the in depth cybersecurity issues with WordPress plugins.
However the Cloudflare claims go far past cybersecurity points. The seller is arguing that the very nature of internet sites in 2026 is sharply totally different to the sort of web site that WordPress was designed to deal with.
“WordPress powers over 40% of the internet. It is a massive success that has enabled anyone to be a publisher, and created a global community of WordPress developers. But the WordPress open source project will be 24 years old this year,” the Cloudflare announcement mentioned. “Hosting a website has changed dramatically during that time. When WordPress was born, AWS EC2 didn’t exist. In the intervening years, that task has gone from renting virtual private servers, to uploading a JavaScript bundle to a globally distributed network at virtually no cost. It’s time to upgrade the most popular CMS on the internet to take advantage of this change.”
Extra versatile licensing
Cloudflare’s assertion additionally steered that it’s delivering open supply in a manner that’s probably extra open and versatile than the WordPress method.
“EmDash is fully open source, MIT licensed, and available on GitHub. While EmDash aims to be compatible with WordPress functionality, no WordPress code was used to create EmDash. That allows us to license the open source project under the more permissive MIT license. We hope that allows more developers to adapt, extend, and participate in EmDash’s development,” the corporate mentioned. “EmDash is committed to building on what WordPress created: an open source publishing stack that anyone can install and use at little cost, while fixing the core problems that WordPress cannot solve.”
The following wave of internet growth
In an interview with Computerworld, Cloudflare senior product supervisor Matt Taylor mentioned his staff sees the venture as the subsequent wave of internet growth platforms.
“There is a whole new generation of developers, and WordPress is old news to them. If you are starting today, there is no way you are picking WordPress,” Taylor mentioned, including that AI brokers are additionally not going to go for WordPress platforms when creating new websites.
Even when including Cloudflare in entrance of a WordPress web site to reinforce safety, he famous, “you have to hack the system to work with the modern internet.”
WordPress was unable to supply its suggestions on the announcement by deadline.
WordPress not for brand spanking new customers
Melody Brue, principal analyst for Moor Insights & Technique, mentioned she has not seen many builders who are usually not already skilled with WordPress selecting it to construct websites, and that she can be seeing that AI brokers by no means go for WordPress until they got specific directions to take action. Given how rampant autonomous AI brokers are right now, the flexibility to be extra hospitable to agentic techniques might show an enormous benefit.
“For somebody new, you have this opportunity to skip all of these legacy CMS assumptions and have true least privilege by design, a first class experience for agents. At least, that is what [Cloudflare] is trying to deliver,” Brue mentioned. “They are baking in agent skills.”
Enterprise considerations
In relation to enterprise internet growth methods, nonetheless, issues get a bit extra complicated, Brue mentioned. Given how deeply they’re already invested in WordPress code and plugins and the assist atmosphere, present WordPress enterprise customers are usually not prone to simply transfer.
However the in depth authorized outbursts from final 12 months involving Automattic CEO Matt Mullenweg, and the lawsuit with WP Engine, made some enterprise IT executives nervous, as soon as they realized how a lot management one particular person had over WordPress platforms.
Brue mentioned, “I can understand the concerns,” however added that the WordPress squabbles appear to have turn out to be extra subdued these days: “There is now less of the tantrum throwing happening.”
Thomas Randall, a analysis director at Data-Tech Analysis Group, agreed with Brue that enterprise environments are unlikely to desert WordPress any time quickly.
“Is EmDash the spiritual successor to WordPress? Not from what Cloudflare has shown so far. The problem Cloudflare highlights, security vulnerabilities in WordPress plugins, is real. But the rest of the announcement deserves skepticism,” Randall mentioned. “For instance, enterprise IT teams with complex WordPress environments will encounter nontrivial barriers for migration. EmDash uses Portable Text rather than WordPress’s HTML content model, which would significantly complicate automated migration. Existing PHP themes and plugins would not carry over directly and would likely require substantial redevelopment.”
However that may nonetheless open the door to newcomers who haven’t already invested within the WordPress atmosphere.
Competing in a special layer
Noah Kenney, principal marketing consultant for Digital 520, mentioned the longer term is prone to look rather more inviting for an EmDash-like method than for legacy WordPress.
“Cloudflare’s EmDash is less about replacing WordPress outright and more about setting a new security baseline, which is that CMS platforms should have isolated execution environments, least-privilege access, and verifiable permission models,” Kenney mentioned. “That has implications for both content management and how enterprises evaluate third-party extensibility risk more broadly.”
Nonetheless, he famous, “viability is an ecosystem question just as much as it is a technical one. EmDash, even if superior from an architectural perspective, is effectively starting from zero. Enterprise adoption will depend heavily on migration tooling, developer adoption, and whether Cloudflare can build a credible plugin and integration ecosystem.”
Kenney added that he sees EmDash as “very likely to influence the next phase of CMS architecture, particularly in security-sensitive and enterprise environments where plugin risk is already a prevalent issue.”
Sanchit Vir Gogia, chief analyst at Greyhound Analysis, noticed the EmDash transfer in a much wider context, probably signaling the near-term way forward for web site methods.
“EmDash is competing in a different layer altogether,” Gogia mentioned. “It sits closer to composable and headless CMS platforms like Contentful and Strapi, and even closer to developer frameworks like Astro. It is collapsing what used to be separate concerns; content management, execution runtime, and security enforcement are being fused into one programmable environment.”
This, he noticed, “is where the real friction emerges. Traditional CMS buyers are not necessarily developers first. They prioritize usability, ecosystem depth, and speed of execution for business teams. EmDash is clearly optimized for developers and architects. So the competition is not just product versus product. It is operating model versus operating model. And in that contest, incumbents have inertia on their side, while EmDash has architectural purity. History shows those two rarely move at the same speed.”
This text initially appeared on Computerworld.
