EmDash - The Spiritual Successor to WordPress

EmDash is a new Content Management System (CMS) developed by Cloudflare as the "spiritual successor to WordPress" that addresses fundamental security and scaling issues inherent in the WordPress ecosystem.

Overview

Built entirely in TypeScript and powered by Astro, EmDash represents a complete rewrite of the WordPress concept for the modern web. While aiming for WordPress compatibility, EmDash is not a fork of WordPress but rather a completely new implementation that leverages contemporary web technologies.

Key Features

Secure Plugin Architecture

The most significant improvement over WordPress is EmDash's plugin security model:

• Sandboxed Execution: Each plugin runs in its own isolated sandbox using Dynamic Workers
• Capability-Based Permissions: Plugins must explicitly declare the capabilities they need in their manifest
• Strict Guarantees: Plugins can only perform actions explicitly declared in their manifest
• Controlled Access: Unlike WordPress plugins that have full access to the database and filesystem, EmDash plugins receive scoped access

For example, an EmDash plugin that sends emails after content publication would look like this:

import { definePlugin } from "emdash";
export default () => definePlugin({
  id: "notify-on-publish",
  version: "1.0.0",
  capabilities: ["read:content", "email:send"],
  hooks: {
    "content:afterSave": async (event, ctx) => {
      if (event.collection !== "posts" || event.content.status !== "published") return;
      await ctx.email!.send({
        to: "[email protected]",
        subject: `New post published: ${event.content.title}`,
        text: `"${event.content.title}" is now live.`,
      });
      ctx.log.info(`Notified editors about ${event.content.id}`);
    },
  },
});

Mitigating Marketplace Lock-in

EmDash addresses two critical problems with WordPress plugin architecture:

1. Flexible Licensing: Plugins can have any license (not forced to GPL) since they run independently
2. Reduced Marketplace Dependence: The sandboxing model means plugins can be trusted without marketplace approval

As the blog post explains: "The more that both sites and platforms can trust the security model to provide constraints, the more that sites and platforms can trust plugins, and break free of centralized control of marketplaces and reputation."

Built-in Business Model for the AI Era

EmDash includes native support for x402, an open standard for internet-native payments that allows content creators to charge for access on a pay-per-use basis. This provides a business model for creators in an era where AI agents access websites on behalf of users.

Serverless Architecture

Unlike traditional WordPress which requires server provisioning and management, EmDash is designed for serverless environments, enabling scale-to-zero hosting where resources are only consumed when needed.

Compatibility and Licensing

While EmDash aims for WordPress functionality, it contains no WordPress code, allowing it to be licensed under the permissive MIT license. This encourages wider adoption and contribution from the development community.

Getting Started

EmDash v0.1.0 is available for early developer preview and can be deployed to a Cloudflare account or any Node.js server. The project is fully open source and available on GitHub.

Conclusion

EmDash represents a significant evolution in CMS architecture, addressing fundamental security concerns while providing a modern, serverless foundation for content publishing in the AI era.