On April 1, 2026, Cloudflare launched a new tool called EmDash v0.1.0.
For a long time, WordPress has been the main way people build websites. But WordPress is old, and it can be slow and hard to keep safe. Cloudflare built EmDash as the spiritual successor to WordPress, a modern version that is faster, more secure, and easier for regular people to use.
What is EmDash? #
EmDash is an open source content management system or CMS. It was built using AI coding agents and a modern framework called Astro. It runs on a global network instead of a single server. It also includes built-in tools that allow AI assistants to help you manage your site or change your design.
Why Cloudflare built EmDash? #
Cloudflare built EmDash to solve the biggest problems that have frustrated WordPress users for years. Instead of just adding more features, they completely changed how a website works to fix performance, complexity, and security.
Fixing performance: WordPress is often slow because it relies on old databases and heavy software. EmDash removes this weight. It runs on a global network that delivers your content from the location closest to your visitor. This makes the site load fast without needing extra speed plugins.
Removing complexity: Managing a WordPress site usually requires a lot of technical work under the hood. You have to manage servers, databases, and constant updates. EmDash is designed to be invisible and easy to use like a normal app. It handles the difficult technical tasks automatically so the user only has to focus on their content.
Solving security risks: Security is the biggest issue for WordPress. A plugin in WordPress is a PHP script that hooks directly into your site. This gives the plugin direct access to your database and files. This means you are trusting that plugin to handle every malicious attack or mistake perfectly.
How EmDash solves the security problem #
Isolated sandboxing: In traditional systems like WordPress, every plugin runs in the same space as your core site. In EmDash, every plugin runs as its own Dynamic Worker (a standalone piece of code that runs in its own secure environment on the Cloudflare network). This means every plugin runs with its own isolated resources. It can only perform actions explicitly declared in the plugin’s manifest. If a plugin is hacked, the attacker is trapped inside that Dynamic Worker and cannot access the rest of your website.
Permission manifests: Plugins in EmDash cannot simply take what they want. They must use a Manifest to declare exactly what permissions they need before you install them. For example, if a plugin needs to send an email, it must explicitly ask for the “email” permission. If it tries to look at your user passwords or delete files, the system automatically blocks it because it was never granted those permissions.
Passkey authentication: Traditional passwords can be stolen or guessed. EmDash uses Passkeys by default, which means you log in using your phone, fingerprint, or face scan. This completely removes the risk of password leaks or hackers trying to guess your login details.
Controlled access: EmDash comes with clear roles like Administrator, Editor, and Author already set up. This ensures that everyone has access only to the tools they need for their specific job and nothing more.
Flexible login options: For larger teams, EmDash can connect directly to your existing company login system (SSO). This allows you to manage who has access to the site automatically using your own company settings.
Network-Level Protection: Because EmDash runs on Cloudflare’s infrastructure, it benefits from built-in security features like DDoS protection to block massive floods of fake traffic meant to crash your site and Web Application Firewalls (WAF) to filter out hacking attempts and malicious code. Since Cloudflare manages the platform’s core code, security patches are applied globally, removing the need for you to manually update the system to stay safe.
Key features #
Content: Blog posts, pages, and custom content types. It uses rich text editing via TipTap with Portable Text storage. Features include revisions, drafts, scheduled publishing, full-text search (FTS5), and inline visual editing.
Admin: A full admin panel with a visual schema builder and a media library that supports drag-drop uploads via signed URLs. It also includes navigation menus, taxonomies, widgets, and a WordPress import wizard.
Auth: Passkey-first (WebAuthn) with OAuth and magic link fallbacks. It uses role-based access control with specific roles for Administrator, Editor, Author, and Contributor.
Plugins: A definePlugin() API with lifecycle hooks, KV storage, and dashboard widgets. All plugins run via sandboxed execution on Cloudflare using Dynamic Worker Loaders to keep the site secure.
Agents: Skill files for AI-assisted plugin and theme development. It includes a CLI for programmatic site management and a built-in MCP server for direct AI tool integration.
WordPress migration: Easily import posts, pages, media, and taxonomies from WXR exports, the WordPress REST API, or WordPress.com. Agent skills are also available to help port existing plugins and themes.
| Term | Definition |
|---|---|
| TipTap / Portable Text | A modern framework for editing and storing content as structured data rather than messy HTML. |
| FTS5 | A high-performance engine for “Full-Text Search” that allows users to search your entire site instantly. |
| WebAuthn | The secure technical standard that allows you to log in with Passkeys instead of passwords. |
| KV Storage | A fast “Key-Value” database used by Cloudflare to store plugin settings and small bits of data. |
| MCP Server | The Model Context Protocol, which allows AI tools to “talk” directly to your website’s data and settings. |
| WXR | The standard XML file for WordPress exports. |
| WordPress REST API | A live connection used to pull data directly from a running WordPress site. |
Should you move to EmDash now? #
In my opinion, no, or at least not yet.
If you already have a working WordPress site that powers your business, moving to EmDash right now is a significant risk. The platform is still very new, and while the security and performance features are impressive, an established site has complexities that require a more mature ecosystem.
However, EmDash is an excellent choice for new, simple projects. If you are starting a fresh blog or a small personal site, the simplicity and speed of the platform make it worth trying. It removes the bloat and security headaches of traditional systems, allowing you to focus purely on your content.
For now, keep an eye on EmDash as it grows. But there is no need to rush into a migration until the platform has more time to prove itself at scale.
External Links #
Cloudflare Blog: [ Introducing EmDash] – Read the official announcement and technical details from the Cloudflare team.
Try EmDash: [ EmDash Playground ] – A live, interactive demo where you can explore the admin interface without any setup.
Official repository: [ EmDash GitHub repository ] – View the source code, report bugs, or contribute to the project.