New open-source CMS solves plugin security with sandboxed architecture and AI-native features
Cloudflare, Inc., the leading connectivity cloud company, today announced the developer preview of EmDash. This new open-source content management system (CMS) is designed to reimagine how websites are built, secured, and scaled. Built from the ground up using TypeScript and serverless architecture, EmDash addresses the long-standing security limitations of legacy platforms like WordPress.
While WordPress powers over 40% of the web, Cloudflare argues its two-decade-old architecture is increasingly misaligned with modern security expectations. “The web has fundamentally changed—and so must the systems we use to build it,” Cloudflare stated in its announcement.
Addressing the Plugin Security Crisis
The core innovation of EmDash is a fundamental redesign of plugin operations. Cloudflare highlights that 96% of WordPress vulnerabilities originate from plugins with unrestricted database access.
EmDash solves this through a “Dynamic Worker” architecture. Every plugin runs in an isolated sandbox and must explicitly declare permissions. This model reduces security breaches and removes the need for centralized marketplaces to establish trust, as users can adopt any plugin with confidence in its enforced boundaries.
Built for the Serverless, Developer-First Web
EmDash is built on Astro 6.0 and runs natively on Cloudflare Workers. This allows websites to:
- Scale to Zero: Compute costs are incurred only when serving active requests.
- Modern Tooling: Embraces JavaScript and TypeScript instead of legacy PHP.
- Hosting Flexibility: While optimized for Cloudflare, it can be deployed in any Node.js-compatible environment.
AI-Native and WordPress Migration
A key differentiator is the AI-native architecture. EmDash includes built-in support for AI agents and an integrated Model Context Protocol (MCP) server, enabling programmatic site management and automated content workflows.
To support the transition from legacy systems, Cloudflare introduced tools to simplify migration. Existing sites can be imported using standard WXR files or a dedicated exporter plugin, moving content and media into EmDash with minimal friction.
Early Stage, Long-Term Vision
Currently in v0.1.0 developer preview, EmDash is in its infancy and lacks the massive theme ecosystem of WordPress. However, it represents a forward-looking alternative for developers seeking a secure, scalable, and AI-integrated solution for the next generation of web publishing.
