Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

“WordPress powers over 40 of the internet. It is a massive success that has enabled anyone to be a publisher, and created a global community of WordPress developers. But the WordPress open source project will be 24 years old this year,” the Cloudflare announcement said. “Hosting a website has changed dramatically during that time. When WordPress was born, AWS EC2 didn’t exist. In the intervening years, that task has gone from renting virtual private servers, to uploading a JavaScript bundle to a globally distributed network at virtually no cost. It’s time to upgrade the most popular CMS on the internet to take advantage of this change.” More flexible licensing Cloudflare’s statement also suggested that it is delivering open source in a way that is potentially more open and flexible than the WordPress approach. “EmDash is fully open source, MIT licensed, and available on GitHub. While EmDash aims to be compatible with WordPress functionality, no WordPress code was used to create EmDash. That allows us to license the open source project under the more permissive MIT license. We hope that allows more developers to adapt, extend, and participate in EmDash’s development,” the company said. “EmDash is committed to building on what WordPress created: an open source publishing stack that anyone can install and use at little cost, while fixing the core problems that WordPress cannot solve.” The next wave of web development In an interview with Computerworld, Cloudflare senior product manager Matt Taylor said his team sees the project as the next wave of web development platforms. “There is a whole new generation of developers, and WordPress is old news to them. If you are starting today, there is no way you are picking WordPress,” Taylor said, adding that AI agents are also not going to opt for WordPress platforms when creating new sites. Even when adding Cloudflare in front of a WordPress site to enhance security, he noted, “you have to hack the system to work with the modern internet.” WordPress was unable to provide its feedback on the announcement by deadline. WordPress not for new users Melody Brue, principal analyst for Moor Insights Strategy, said she has not seen many developers who are not already experienced with WordPress choosing it to build sites, and that she is also seeing that AI agents never opt for WordPress unless they were given explicit instructions to do so. Given how rampant autonomous AI agents are today, the ability to be more hospitable to agentic systems may prove a massive advantage. “For somebody new, you have this opportunity to skip all of these legacy CMS assumptions and have true least privilege by design, a first class experience for agents. At least, that is what [Cloudflare] is trying to deliver,” Brue said. “They are baking in agent skills.” Enterprise concerns When it comes to enterprise web development strategies, however, things get a little more complex, Brue said. Given how deeply they are already invested in WordPress code and plugins and the support environment, existing WordPress enterprise users are not likely to easily move. But the extensive legal outbursts from last year involving Automattic CEO Matt Mullenweg, and the lawsuit with WP Engine, made some enterprise IT executives nervous, once they realized how much control one person had over WordPress platforms. Brue said, “I can understand the concerns,” but added that the WordPress squabbles seem to have become more subdued lately: “There is now less of the tantrum throwing happening.” Thomas Randall, a research director at Info-Tech Research Group, agreed with Brue that enterprise environments are unlikely to abandon WordPress any time soon. “Is EmDash the spiritual successor to WordPress? Not from what Cloudflare has shown so far. The problem Cloudflare highlights, security vulnerabilities in WordPress plugins, is real. But the rest of the announcement deserves skepticism,” Randall said. “For instance, enterprise IT teams with complex WordPress environments will encounter nontrivial barriers for migration. EmDash uses Portable Text rather than WordPress’s HTML content model, which would significantly complicate automated migration. Existing PHP themes and plugins would not carry over directly and would likely require substantial redevelopment.” But that would still open the door to newcomers who have not already invested in the WordPress environment. Competing in a different layer Noah Kenney, principal consultant for Digital 520, said the future is likely to look much more inviting for an EmDash-like approach than for legacy WordPress. “Cloudflare’s EmDash is less about replacing WordPress outright and more about setting a new security baseline, which is that CMS platforms should have isolated execution environments, least-privilege access, and verifiable permission models,” Kenney said. “That has implications for both content management and how enterprises evaluate third-party extensibility risk more broadly.” However, he noted, “viability is an ecosystem question just as much as it is a technical one. EmDash, even if superior from an architectural perspective, is effectively starting from zero. Enterprise adoption will depend heavily on migration tooling, developer adoption, and whether Cloudflare can build a credible plugin and integration ecosystem.” Kenney added that he sees EmDash as “very likely to influence the next phase of CMS architecture, particularly in security-sensitive and enterprise environments where plugin risk is already a prevalent issue.” Sanchit Vir Gogia, chief analyst at Greyhound Research, saw the EmDash move in a much broader context, potentially signaling the near-term future of website strategies. “EmDash is competing in a different layer altogether,” Gogia said. “It sits closer to composable and headless CMS platforms like Contentful and Strapi, and even closer to developer frameworks like Astro. It is collapsing what used to be separate concerns; content management, execution runtime, and security enforcement are being fused into one programmable environment.” This, he observed, “is where the real friction emerges. Traditional CMS buyers are not necessarily developers first. They prioritize usability, ecosystem depth, and speed of execution for business teams. EmDash is clearly optimized for developers and architects. So the competition is not just product versus product. It is operating model versus operating model. And in that contest, incumbents have inertia on their side, while EmDash has architectural purity. History shows those two rarely move at the same speed.”