If Cloudflare really have radically changed their software development philosophy lately, this would actually be an interesting project, being based on Astro and coming with some APIs for programmatic management.
Them being so happy about the „cost of software development“ and not going very deep into ecosystem, community or project management doesn’t convince me that this is going to be a worthwhile project, even if, unlike their previous vibe coding demos, this one actually works.
I'm the main engineer on this. I've also been on the Astro core team for two years, so I do think I understand real open source software and community.
As the post implies, I did use a lot of agent time on this, but this isn't a vibe-coded weekend project. I've been working full time on this since mid-January.
I started calling it LLM assisted coding. If you know what you’re doing but use LLMs to do tedious stuff and educate yourself on the unfamiliar bits you can move quite fast. The term vibe coding does not do that process justice imho.
I think one of the reasons people think this is slop is because of the name. How does the name EmDash relate to being a wordpress spiritual successor? It's clear the name was chosen as it relates to the use of em dashes in AI generated text, so why would you want to be associated with that? Why not choose a name like Astro Press given your experience on Astro?
1- EmDash plugins are written in TypeScript, not PHP
2- EmDash plugins have a specific permissions model, where they need to explicitly request access to certain things.
3- WordPress plugins just invoke things. EmDash plugins have a defined API you use to talk to different capabilitites
4- Those capabilities are totally different, and at a different abstraction, than what WordPress provides.
Beyond the look of the admin interface and publishing flow, I don't see how this is a "Spirtual Successor" to WordPress at all. Its a CMS, designed from scratch, for a serverless world, using CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things).
The question isn't whether this took longer than a weekend or whether you personally have open source experience, it's whether Emdash is actually being built as an open ecosystem or as a Cloudflare-bound platform. Bringing up your background reads like using prior credibility to justify the project's quality, instead of demonstrating it.
If it only runs properly on Cloudflare's infrastructure, then invoking "understanding open source and community" feels misleading. Those values usually imply portability and independent ecosystem growth, not tight platform coupling.
Also, "not vibeslop" here isn't about effort, it's about whether there's a clear, defensible reason this exists beyond being an AI-accelerated WordPress-like system tied to one vendor.
> But for the past two months our agents have been working on an even more ambitious project: rebuilding the WordPress open source project from the ground up.
They have honed their AI OSS troll marketing chop and every step goes far and far. I'll take it more seriously once they start open sourcing vibe coded projects they actually use in their production.
Maybe what the parent commenter was referring to is that recently CloudFlare have published multiple vibe-code demo blog posts whilst trying to pass it off as production grade, for example https://news.ycombinator.com/item?id=46781516 where they implemented an open standard communication protocol on CloudFlare Workers.
The blog post was chock full of factual errors, claimed to be based off project X but wasn't at all and even had the cheek to include that it was arguably the most secure way to deploy such a server, with their implementation apparently already being used by their team to serve real traffic. Meanwhile the repo was full of TODOs for all the security aspects of the protocol.
Of course after the backlash a lot of this was covered up so look at the archives if you are curious.
They have really done a disservice to themselves because their blog posts used to be excellent, but now I have to question whether it's another blogpost full of fakery like that one (and there was another since iirc).
Given this blog post talks about reimplementing a popular project, it starts to give off the signs of being another one of these. Unfortunate if that's not the case
I don't think it's the code that makes WordPress valuable. I've been learning WordPress recently and haven't been too impressed with the internals. WordPress is valuable because of the ecosystem and support. I have no doubt that WordPress will still be a thing in ten years. What's the support plan for EmDash? I see commits are mostly from a single developer.
E: Oh, I think it's an April fools joke, I'm embarrassed.
Cloudflare doesn't do April fools jokes. In fact, 1.1.1.1 was released on April 1st back in 2018 and now it's one of the most used DNS service in the world.
I hated that shit. I'd load Slashdot and there was no real content or it was difficult to find real news amongst all the crap. It's not funny. It's annoying.
I think you need to account for the base rate. There's a lot of WordPress plugin vulnerability disclosures because there's a lot of WordPress plugins and there are enough deployments of the plugins to make searching for those vulnerabilities is worthwhile.
That site warns that WordPress plugins can be abandoned, but that's clearly not a WordPress specific issue. Sure some site could use SSG, but that's a different design.
I certainly don't want to claim WordPress security is good, but I'm not sure that site is measuring anything meaningful.
wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
yes you want a global db handle sure ya lets delete all tables woohoo
> wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
You've sort of nailed it, but this isn't a bad thing. An alternative for these customers does not exist.
There's another vertical which is organizations that have armies of writers churning out content. Any kind of publisher or advertiser, basically. There is no better CMS for this. Large organizations like NYT, etc chose to write their own.
>> wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
> You've sort of nailed it, but this isn't a bad thing. An alternative for these customers does not exist.
Yes! I'm locked into WordPress, which I hate, because it's the only platform that will allow a non-developer to maintain it if I get hit by a bus.
A decade ago I had to learn and run WordPress for a job. I held my nose up the stink was so bad. But quickly I learned how to manage it and have modern sensible practices around it and I've probably gotten more real value out of it than any other CMS or web framework I've touched. That includes Rails.
Thankfully I don't have to do that anymore, but you can sanely and safely run WordPress today and there's zero shame in it.
There are options that can be run by anyone, but they're often very constrained in what they can do and show.
Wordpress is solidly in that middle ground where you can do a large amount of customization if someone'll pay for it, and then they can do the day-to-day care and feeding of it.
Everything else has either been much worse in all possible ways (Joomla!) or has been a collection of developer wish-lists unusable by anyone (Drupal).
yep. we like it because with shopify or other platforms, you run into limitations. with Wordpress I can literally just whip it into whatever shape i want.
Its impressive work from CF that lots of people in this thread are unsure whether its a joke or not, like a delicately balanced april fools for the hn crowd
A WordPress spiritual successor backed by Cloudflare sounds great in theory, but the headline feature, plugin isolation via Dynamic Workers, only works on Cloudflare's runtime. On any other host it's just a TypeScript CMS without the security model that justifies its existence. Open source but architecturally locked in.
I missed this. So they didn’t really solve much at all. I guess at least it’s compatible with other runtimes. But yeah, who would’ve guessed that Cloudflare software would (besides being vibeslop) prefer Cloudflare infra. This, of course, makes the software quite hard to adopt.
It looks like I'm in the minority after reading this comments, but I'm quite happy to see this announcement.
A "good" standard, free CMS with theming and plugin support without the issues of Wordpress is _welcome_. (And the issues are many: Licensing, trust, drama, security, and cost).
I'm guessing that a lot of cynicism here is coming from this crowd not being the target market of Wordpress in the first place? What were you recommending to non-technical friends and family who wanted a good, open source, affordable CMS to back their website? Wordpress has all the right _ideas_, but the wrong implementation.
I think the cynicism is related to cloudflares recent previous releases that were considered to be slop that significantly overpromised on its capabilities/completeness. Trust can take a long time to rebuild.
> Our name for this new CMS is EmDash. We think of it as the spiritual successor to WordPress. It’s written entirely in TypeScript. It is serverless, but you can run it on your own hardware or any platform you choose. Plugins are securely sandboxed and can run in their own isolate, via Dynamic Workers, solving the fundamental security problem with the WordPress plugin architecture. And under the hood, EmDash is powered by Astro, the fastest web framework for content-driven websites.
To me this sounds of the polar opposite of the direction CMS's need to go, instead simplify and go back to the "websites" roots where a website are static files wherever, it's fast, easy to cache and just so much easier to deal with than server-side rendered websites.
But of course, then they wouldn't be able to sell their own "workers" product, so suddenly I think I might understand why they built it the way they built it, at the very least to dogfood their own stuff.
I'm not sure it actually solves the "fundamental security problem" in actuality though, but I guess that remains to be seen.
I think this is true, however, when it comes to non-coding clients I've worked with they really do like the ability to make minor edits to a site with a UI rather than having to continually ping a developer.
The problem with WordPress (and it looks like this solution largely just replicated the problem) is that it's way too cumbersome and bloated.
It really is unlike any modern UI for really any SaaS or software in general.
It's filled with meaningless admin notices, the sidebar is 5 miles long and about 98% of what the user sees is meaningless to them.
Creating a very lightweight, minimal UI for the client to edit exactly what they need or like you said, just static files really is the best solution in most cases. The "page builders" always just turn into a nightmare the clients end up handing over for a dev to "fix" anyways.
Not sure why so many people feel the need to continue on the decades of bloat and cruft WordPress has accumulated, even if it's "modernized."
It looks like they rolled it so you can plug in local components of your choice, though? The security model does assume you have MAC containerized environments available at your fingertips though, so having something like DHH's once is probably a soft minimal dependency if you want to do-it-yourself.
The question is then they'd be building some brand new thing not compatible with wordpress. Supposedly the proposition is to steal people away from wordpress. Not just get people building something from scratch looking for a new framework. I'm guessing the recent lawsuits also provide some momentum.
It's not compatible with WordPress, though. It slurps a WordPress export, which is quite literally static data. They expect you to code up anything dynamic using their agent skill.
Reminds me of Vercel and NextJS, where a popular framework design is constrained by, or optimally runs, on their infra, but then comes with pains or unusualness if self-hosted (eg. middleware). Vendor lock-in plays are a big red flag
But "back to CMS roots" is absolutely not what the WordPress ecosystem is about. It's about the absolute galaxy of plugins that provide you with an entire digital experience "in a box". You can just install whatever plugins for ecommerce, CRM, forms management, payments, event calendars. They will all plugin to both the template system and the MySQL database. There are a lot of well-known and reputable plugins with huge installed bases (woocommerce, gravity forms, yoast seo) but there's a ton of shady ones that can infect your install. Cloudflare is directly addressing the shortcomings of the existing plugin architecture indicating they intend for EmDash to fill a similar niche as an All-in-One digital experience and not just a simple CMS.
> While EmDash aims to be compatible with WordPress functionality, no WordPress code was used to create EmDash. That allows us to license the open source project under the more permissive MIT license.
Ha ha, that's really funny timing given the recent launch of Cleanroom As A Service, promising that you can licensewash other peoples' code quickly and easily: https://malus.sh/
I'm not saying they did that, but it's ironic timing.
It's great that they are recreating much of the fundamental software stack using LLMs. But if you're going to 'vibeslop,' at least do it in a language other than JavaScript.
I struggle to understand why anyone would want to generate code in TypeScript - unless what you're building truly can't be done in Go, Rust, or Kotlin; anything but JS.
I’m not sure how much of an improvement it really is to rewrite something from PHP to TypeScript while claiming security benefits.
It's a shame they don't seem to try to address the divide between CMS's and static sites.
Most WordPress sites could just be static, but WordPress has a nice editor interface, so they're not - unless you use a SSG plugin. Building that into the core workflow (which I believe Astro supports) and giving users a nice hosted editor that produces a static site would be welcome innovation.
I've been migrating a few Wordpress sites from Wordpress to Astro + Strapi recently, working in 'hybrid mode' so the entire site is static except for post previews in Strapi (only that one route is SSR).
Editing content in Strapi, once customized with CKEditor and such, is Wordpressy enough for the human Editors familiar with WP.
EmDash with some aggressive caching and SWR is effectively this, and we're getting closer to that every day. When the cost of maintaining the data part of the CMS is effectively free, you're basically working with a static site anyway.
I haven’t used Wordpress for a few years. But with WP Super Cache (1) we also always did pretty much that: On saving a post/page the static HTML would be written to a cache directory and be the default content served to visitors.
the plugin security problem in WordPress was never really a code quality problem - it was a trust model problem. any developer could publish a plugin and any site owner could install it with one click, with no vetting layer in between. TypeScript and serverless doesn't change that dynamic unless the trust model changes too. curious how EmDash handles third-party plugin permissions at the API boundary.
It runs each sandboxed plugin inside its own dynamic worker, with a separate bridge worker to enforce permissions. The worker only has access to its permitted APIs.
> x402 is an open, neutral standard for Internet-native payments. It lets anyone on the Internet easily charge, and any client pay on-demand, on a pay-per-use basis. A client, such as an agent, sends a HTTP request and receives a HTTP 402 Payment Required status code. In response, the client pays for access on-demand, and the server can let the client through to the requested content.
Fascinating. Cloudflare is envisioning a future where agents are given debit cards by their owners, so they can autonomously send microtransactions to website owners to scrape content or possibly purchase goods on the owner's behalf. I don't know how I feel about that but there's no doubt it's a fascinating concept.
Brb, setting up a honeypot that always responds with HTTP 402 Payment Required demanding 10cents per visit... That's the next "selling 1 million pixels on my website for $1 each", I guess
If you can find a way to trick agents into always accepting your payment required then you could set up a tarpit generating trash content or an infinite string of redirects or "read this other page for more info", charging extra for each one.
Its kind of annoying that CF would use an LLM to build something and try to pass it off as something built from "the ground up". Its just copying the library that was already build and passing it off as their own.
Serious question: Why is everyone still using JavaScript to AI-code projects? You can vibe-code apps with real languages now.
There's no reason to use an interpreted, bloated, weird language anymore. The only reason interpreted languages were a thing was so you could edit a file and re-run it immediately without a compile step. Compiling is now cheap, and you don't have to build expertise in a new language anymore. Ask AI to write your app in Go, it'll happily comply. Run it and it's faster with less memory use and disk space. The code is simpler and smaller making reviewing easier. Distribution is as easy as "copy the file".
I'll grant you, interpreted languages skip the "portability" compiling/distributing step, and let you avoid the stupid MacOS code signing. But Go is stupid easy to cross-compile, and (afaik?) the user can un-quarantine a self-signed app pretty easily.
Will you look at it. Another Wordpress “killer”. Wordpress has that market share because it can be easily installed in a wide variety of servers and because of its plugin ecosystem of dozens of thousands of plugins and huge flexibility/customizability. Wordpress is one of the most flexible pieces of software out there and none of the competition seem to get why Wordpress is so popular.
Serious question: Who actually builds stuff on Cloudflare workers? I mean large software projects / services, and not just side projects where the ability to scale-to-zero is perhaps more important than the scale-to-infinity direction. I feel like Cloudflare keeps pushing workers with its full force yet I fail to see the appeal.
I'm building a commercial SaaS product on Workers. Although I've barely scratched the surface of what Cloudflare offers¹, so far it's been great. The value proposition is effectively the same as serverless in general: You worry about the product, they worry about deployment. Note that Cloudflare Workers is just one (albeit important) star in their constellation of capabilities.
Functional April Fools, the best kind. A couple years ago Eleiko, a weightlifting equipment company did one, the 'Heavy Mug', a 19 poundish steel coffee cup with a handle in the style of a knurled bar, and actually did a limited run of them.
Your first statement is wildly and verifiably untrue (see: https://survey.stackoverflow.co/2025/technology#most-popular...) and your second statement doesn't make sense. I've got like 8 sites on Pages/Workers with R1 + vectorize databases scattered around and I'm not paying a dime for any of that. What cost are you talking about?
Tell that to the guy who got upset with WP Engine. EmDash is clearly "inspired" by WordPress including in its UI, so there's definitely something to it.
The problem with WP Engine was that the name is confusing to users who aren't familiar with it. Presumably the WordPress Engine is the core of Wordpress? Or it's the thing powering Wordpress? It's easy to see ways in which an end user could be confused which was which.
Conversely, this product is called something else, and while their blog post references Wordpress repeatedly it's in a way as to make it very clear that this is not that.
The phrase "spiritual successor to WordPress" is not likely to be judged a trademark violation, though. It doesn't create confusion in the marketplace as to whether Emdash is WordPress.
That used to be a major selling point because hosts enabled PHP for a directory devs would FTP things into, but those days are thankfully long gone. I don't think it's any more difficult to host a JS, TS, or anything else, app than it is to host a PHP app today. In fact, PHP is probably more difficult than something like Netlify.
With PHP you can still drop a single file on shared hosting and be up in minutes, with no build step or CDN proxy in the mix.
npm deps adds plenty of attack surface on its own. Netlify is fine until you need custom binaries or persistent storage, then it gets weird fast. PHP has plenty of warts, but the ops path stays flatter than Node for the boring case most sites need.
All PHP is going to be replaced with single binary Rust apps.
Talented teams will build the atoms for most apps - blogs, CMSes, ticket systems, forums - and it'll be easy for end users to configure.
Rust is easy to code gen and deploy now. No barrier to understanding lifetimes. It's the language everyone should be using Claude Code to emit.
Everyone is now a Rust engineer with 10 years of experience. (I'm not joking, just in case that needs clarification.)
If you haven't tried writing a simple web service in Axum or Actix plus SQLx, you need to give it a try. You'll be amazed at how simple it is, and you'll be even more amazed at how performant and easy it is to work with.
You do not need to know Rust or have any prior Rust experience. You'll pick it up along the way. It's easy and you'll learn it fast.
Rust is a low-defect rate language to serialize to. The syntax begs you to handle errors, nulls, exceptional conditions within the language itself. This is naturally a good fit for most business problems. It doesn't hurt that the language is fast as hell and super portable either.
If the job is now encoding business logic - this is the optimal serialization that I'm aware of. I write Go, Java, Python, TypeScript, PHP, Swift - I can't think of any better language for greenfield projects that don't have existing language/library requirements.
I'm not sure you appreciate why PHP was successful. You might be completely right about all this, but the LAMP-stack "just upload this file to shared hosting" workflow is what made apps like WordPress win out, and the barrier remains significantly higher to do the equivalent with Rust.
I mean it's cool your created a new CMS and all, but beyond the look of the admin interface and publishing flow, I don't see how this is a "Spirtual Successor" to WordPress at all.
Its a CMS, designed from scratch, for a serverless world. It has a stricter, well defined API that plugins are forced to use instead of directly calling/overriding core functionality like in WP. But that benefit comes with a CMS that's built on top of, and seems to prefer, a ton of CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things).
Maybe not scratch scratch: "And under the hood, EmDash is powered by Astro…"
> It's built on top of, and seems to perfer you use CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things.
D1 is SQLite, R2 is S3, and there are other ways to securely run plugins. If it was designed to only be possible to deploy on Cloudflare, they didn't do a very good job.
Reading the comments below, have we all fallen for a 1st April Fools' joke?
Actually, rebuilding WordPress without the ecosystem is kind of the point. For example, would Divi or the major page builders rebuild their entire products to support this? I doubt it
"Plugin security is the root of this problem. Marketplace businesses provide trust when parties otherwise cannot easily trust each other. In the case of the WordPress marketplace, the plugin security risk is so large and probable that many of your customers can only reasonably trust your plugin via the marketplace. But in order to be part of the marketplace your code must be licensed in a way that forces you to give it away for free everywhere other than that marketplace. You are locked in."
There was much drama with wordpress some time ago and the plugin marketplace.
The UI doesn't seem geared to power users. E.g. Why is the featured image taking up so much space above the content editing area when it's sized appropriately for the sidebar? Imagine you need to update the text of several posts... Well, now you gotta scroll down half the page to the content area of each one.
And all that padding gets you quite the narrow content area. Not to mention it looks like a very basic TinyMCE. Seems like more of a POC than an actual "spiritual successor".
I'm all for creating new frameworks that are faster and more secure. But I don't see how this one relates to Wordpress (not in PHP, serverless, not "plug and play", dependent on Astro, "AI Native"…).
It looks like a good open source project, but just call it a new CMS. I think calling it a "spiritual successor to WordPress" is just to gain some marketing points.
I really hope Cloudflare is ready and willing to stand by this thing for the next 20 years, and drive it as a first class product with a huge open source team. Because short of that you can just add this to the mile-long list of "successors to WordPress" we've been through over the decades. Maybe they're in it for the long haul. We'll see. But it takes time, and mountains of integrations and acceptance into the wider web authoring ecosystem for anything like this to gain real adoption.
From the people who brought you "we used AI to undercut a project we use rather than pay them fairly for the work we relied on" comes an exciting new lawsuit by Mullenweg for using Wordpress in their product description.
The problem is that it doesn't solve the network-effect problem.
People aren't on WordPress because of WordPress.
They're on WordPress because of WooCommerce, a million themes, BuddyPress, integrations for every stupid internal business API on the planet (many of which are terrible and were written by an idiot with a crayon).
The APIs will have no testing because they are bad. In many cases the WordPress implementation of the API written in the codeblock, ran on page-load to the pain of the person responsible for SEO, is the API contract.
And yes those plugins are also terrible, but they solve business problems, even if they are tech problems.
You can't just launch a better wp-core and expect it to replace any of that.
EmDash needs to actually run the existing insecure WP plugins to takeover.
You seem to have missed the point. This is intended to be more secure in a new world where exploits will be cheap to discover. The factors you mention won't keep people onboard if systems are compromised every day in too many ways for fragmented security teams to keep on top of.
I think this is too soon to call. No one questions whether AI can build things. We question whether they can build stable things that work as expected and stay online in the long run.
The stability question is real but I think it's framed wrong. The issue isn't whether an agent can write correct code in a single session -- they can, and pretty reliably now. It's whether there's a human with enough understanding of the codebase to debug it when something breaks at 2am.
I run parallel coding agents on my own projects daily. The code they produce is fine. What worries me is the "just ship it" energy where nobody on the team deeply understands what got built. That's not an AI problem, it's been a problem with outsourced codebases forever. AI just makes it faster to accumulate code nobody fully groks.
Cloudflare probably has the engineering depth to maintain this regardless of how it was built. A lot of other teams don't.
I too have seen a lot of comments asking where the products are. If you're now moving the goal posts to "stay online in the long run" you're gonna have to wait until there's been a long run to stay online in. Agents aren't that old yet.
Held up getting into the details of this ambitious project because of the name! Ridiculous choice considering the associations with AI, slop, and even the general crowded namespace surrounding that. C'mon.
(looks for cameras) Wait a minute, am I being Punk'D? Oh my god! Ashton, you really got me! Ha Ha! Ashton!
Convince me this isn’t vibeslop.
If Cloudflare really have radically changed their software development philosophy lately, this would actually be an interesting project, being based on Astro and coming with some APIs for programmatic management.
Them being so happy about the „cost of software development“ and not going very deep into ecosystem, community or project management doesn’t convince me that this is going to be a worthwhile project, even if, unlike their previous vibe coding demos, this one actually works.
I'm the main engineer on this. I've also been on the Astro core team for two years, so I do think I understand real open source software and community.
As the post implies, I did use a lot of agent time on this, but this isn't a vibe-coded weekend project. I've been working full time on this since mid-January.
"It's not a vibe-coded weekend project, it's a vibe-coded months long project" doesn't terribly instill confidence.
I started calling it LLM assisted coding. If you know what you’re doing but use LLMs to do tedious stuff and educate yourself on the unfamiliar bits you can move quite fast. The term vibe coding does not do that process justice imho.
There's a big difference between the two. If you still think agent-guided development doesnt work well, you need to update your priors
Agent coded != vibe coded.
I don't write code manually anymore, but Im still getting the exact code output that I want.
how long should it take to gain your confidence? how did you arrive at your number?
the state of the art of software engineering is to use AI. it's just reality
Could you say a few things on your plans to develop the community and ecosystem then as requested?
That's the significant part of Wordpress after all, not the mediocre code.
I think one of the reasons people think this is slop is because of the name. How does the name EmDash relate to being a wordpress spiritual successor? It's clear the name was chosen as it relates to the use of em dashes in AI generated text, so why would you want to be associated with that? Why not choose a name like Astro Press given your experience on Astro?
> It's clear the name was chosen as it relates to the use of em dashes in AI generated text
this is not clear to me, and is not discussed in the article
you can like or dislike the name. but criticizing the quality of work based on your affinity for the name is foolishness
What does "While EmDash aims to be compatible with WordPress functionality" mean?
Compatible how?
Why would you gut the credibility of the project for that tagline then? Why not skip mentioning the agents?
You even open the article by linking the toy project where you used agents to "recreate Next in a week" and released with critical vulnerabilities.
will all my custom Wordpress themes and plugins run on EmDash?
For plugins, no.
1- EmDash plugins are written in TypeScript, not PHP
2- EmDash plugins have a specific permissions model, where they need to explicitly request access to certain things.
3- WordPress plugins just invoke things. EmDash plugins have a defined API you use to talk to different capabilitites
4- Those capabilities are totally different, and at a different abstraction, than what WordPress provides.
Beyond the look of the admin interface and publishing flow, I don't see how this is a "Spirtual Successor" to WordPress at all. Its a CMS, designed from scratch, for a serverless world, using CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things).
This doesn't really address the concern.
The question isn't whether this took longer than a weekend or whether you personally have open source experience, it's whether Emdash is actually being built as an open ecosystem or as a Cloudflare-bound platform. Bringing up your background reads like using prior credibility to justify the project's quality, instead of demonstrating it.
If it only runs properly on Cloudflare's infrastructure, then invoking "understanding open source and community" feels misleading. Those values usually imply portability and independent ecosystem growth, not tight platform coupling.
Also, "not vibeslop" here isn't about effort, it's about whether there's a clear, defensible reason this exists beyond being an AI-accelerated WordPress-like system tied to one vendor.
If you read the first few sentences...
> But for the past two months our agents have been working on an even more ambitious project: rebuilding the WordPress open source project from the ground up.
They have honed their AI OSS troll marketing chop and every step goes far and far. I'll take it more seriously once they start open sourcing vibe coded projects they actually use in their production.
Coded with AI != slop. AI in the hands of the right person can actually be good. That's gotten _especially_ true in the past few months.
Maybe what the parent commenter was referring to is that recently CloudFlare have published multiple vibe-code demo blog posts whilst trying to pass it off as production grade, for example https://news.ycombinator.com/item?id=46781516 where they implemented an open standard communication protocol on CloudFlare Workers.
The blog post was chock full of factual errors, claimed to be based off project X but wasn't at all and even had the cheek to include that it was arguably the most secure way to deploy such a server, with their implementation apparently already being used by their team to serve real traffic. Meanwhile the repo was full of TODOs for all the security aspects of the protocol.
Of course after the backlash a lot of this was covered up so look at the archives if you are curious.
They have really done a disservice to themselves because their blog posts used to be excellent, but now I have to question whether it's another blogpost full of fakery like that one (and there was another since iirc). Given this blog post talks about reimplementing a popular project, it starts to give off the signs of being another one of these. Unfortunate if that's not the case
I don't think it's the code that makes WordPress valuable. I've been learning WordPress recently and haven't been too impressed with the internals. WordPress is valuable because of the ecosystem and support. I have no doubt that WordPress will still be a thing in ten years. What's the support plan for EmDash? I see commits are mostly from a single developer.
E: Oh, I think it's an April fools joke, I'm embarrassed.
E2: Apparently not a joke.
Cloudflare doesn't do April fools jokes. In fact, 1.1.1.1 was released on April 1st back in 2018 and now it's one of the most used DNS service in the world.
It's a legit April Fools'.
On the initial commit:
> Some content is hidden
> Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
This for "a spiritual successor to WordPress".
I can assure you this is not an April Fools. Cloudflare does not do that. This is a real project.
I can assure you this is not an April Fools. Cloudflare does not do that.
It should. I miss the days when tech was interesting and fun.
Even Steve Jobs, for all his later-day revisionist hard-assed reputation, enjoyed the occasional Easter egg, inside joke, or April Fool's joke.
I appreciate a good April Fools joke, I also appreciate CloudFlare's approach of "we're extra serious today, here's some useful stuff for ya"
I hated that shit. I'd load Slashdot and there was no real content or it was difficult to find real news amongst all the crap. It's not funny. It's annoying.
I feel bad for you. That's a lot of anger over virtually nothing.
Hm, you might want to catch up on the Wordpress “open source” drama with WP.com vs .org, WP engine and Matt.
There's always https://textpattern.com/ which is also as old as Wordpress (older?) and better coded. (See also thttps://textpattern.org/ ).
It stores plugins as strings in the database, then pulls those strings back and evals them as PHP on requests.
"Better coded" is very much a subjective assessment.
There might be pie on your face but they stole my line, https://github.com/HatmanStack/kill-wordpress
I think you need to account for the base rate. There's a lot of WordPress plugin vulnerability disclosures because there's a lot of WordPress plugins and there are enough deployments of the plugins to make searching for those vulnerabilities is worthwhile.
That site warns that WordPress plugins can be abandoned, but that's clearly not a WordPress specific issue. Sure some site could use SSG, but that's a different design.
I certainly don't want to claim WordPress security is good, but I'm not sure that site is measuring anything meaningful.
Just measured your visit, zing.
wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
yes you want a global db handle sure ya lets delete all tables woohoo
> wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
You've sort of nailed it, but this isn't a bad thing. An alternative for these customers does not exist.
There's another vertical which is organizations that have armies of writers churning out content. Any kind of publisher or advertiser, basically. There is no better CMS for this. Large organizations like NYT, etc chose to write their own.
>> wordpress is valuable because it allows very bad developers / marketing people to write very bad code and get away with it, driving extremely low cost solutions for clients who are cost concious.
> You've sort of nailed it, but this isn't a bad thing. An alternative for these customers does not exist.
Yes! I'm locked into WordPress, which I hate, because it's the only platform that will allow a non-developer to maintain it if I get hit by a bus.
Which also allows you to not be on call 24/7.
A decade ago I had to learn and run WordPress for a job. I held my nose up the stink was so bad. But quickly I learned how to manage it and have modern sensible practices around it and I've probably gotten more real value out of it than any other CMS or web framework I've touched. That includes Rails.
Thankfully I don't have to do that anymore, but you can sanely and safely run WordPress today and there's zero shame in it.
There are options that can be run by anyone, but they're often very constrained in what they can do and show.
Wordpress is solidly in that middle ground where you can do a large amount of customization if someone'll pay for it, and then they can do the day-to-day care and feeding of it.
Everything else has either been much worse in all possible ways (Joomla!) or has been a collection of developer wish-lists unusable by anyone (Drupal).
yep. we like it because with shopify or other platforms, you run into limitations. with Wordpress I can literally just whip it into whatever shape i want.
Its impressive work from CF that lots of people in this thread are unsure whether its a joke or not, like a delicately balanced april fools for the hn crowd
A WordPress spiritual successor backed by Cloudflare sounds great in theory, but the headline feature, plugin isolation via Dynamic Workers, only works on Cloudflare's runtime. On any other host it's just a TypeScript CMS without the security model that justifies its existence. Open source but architecturally locked in.
I missed this. So they didn’t really solve much at all. I guess at least it’s compatible with other runtimes. But yeah, who would’ve guessed that Cloudflare software would (besides being vibeslop) prefer Cloudflare infra. This, of course, makes the software quite hard to adopt.
> Open source but architecturally locked in.
You hit the nail on the head.
Cloudflare's new business model is to find popular OSS projects, create a vibe coded alternative that only runs on Cloudflare's infrastructure.
Sadly, it looks more and more like it. It’s sad, because they were doing wonderful stuff.
It looks like I'm in the minority after reading this comments, but I'm quite happy to see this announcement.
A "good" standard, free CMS with theming and plugin support without the issues of Wordpress is _welcome_. (And the issues are many: Licensing, trust, drama, security, and cost).
I'm guessing that a lot of cynicism here is coming from this crowd not being the target market of Wordpress in the first place? What were you recommending to non-technical friends and family who wanted a good, open source, affordable CMS to back their website? Wordpress has all the right _ideas_, but the wrong implementation.
I think the cynicism is related to cloudflares recent previous releases that were considered to be slop that significantly overpromised on its capabilities/completeness. Trust can take a long time to rebuild.
> Our name for this new CMS is EmDash. We think of it as the spiritual successor to WordPress. It’s written entirely in TypeScript. It is serverless, but you can run it on your own hardware or any platform you choose. Plugins are securely sandboxed and can run in their own isolate, via Dynamic Workers, solving the fundamental security problem with the WordPress plugin architecture. And under the hood, EmDash is powered by Astro, the fastest web framework for content-driven websites.
To me this sounds of the polar opposite of the direction CMS's need to go, instead simplify and go back to the "websites" roots where a website are static files wherever, it's fast, easy to cache and just so much easier to deal with than server-side rendered websites.
But of course, then they wouldn't be able to sell their own "workers" product, so suddenly I think I might understand why they built it the way they built it, at the very least to dogfood their own stuff.
I'm not sure it actually solves the "fundamental security problem" in actuality though, but I guess that remains to be seen.
I am confused - what are the good “websites” roots? Server-side rendered or not?
I think this is true, however, when it comes to non-coding clients I've worked with they really do like the ability to make minor edits to a site with a UI rather than having to continually ping a developer.
The problem with WordPress (and it looks like this solution largely just replicated the problem) is that it's way too cumbersome and bloated.
It really is unlike any modern UI for really any SaaS or software in general.
It's filled with meaningless admin notices, the sidebar is 5 miles long and about 98% of what the user sees is meaningless to them.
Creating a very lightweight, minimal UI for the client to edit exactly what they need or like you said, just static files really is the best solution in most cases. The "page builders" always just turn into a nightmare the clients end up handing over for a dev to "fix" anyways.
Not sure why so many people feel the need to continue on the decades of bloat and cruft WordPress has accumulated, even if it's "modernized."
Sure, but if I want to host my static files on a website where they are easily cached... cloudflare also offers this product?
It looks like they rolled it so you can plug in local components of your choice, though? The security model does assume you have MAC containerized environments available at your fingertips though, so having something like DHH's once is probably a soft minimal dependency if you want to do-it-yourself.
The question is then they'd be building some brand new thing not compatible with wordpress. Supposedly the proposition is to steal people away from wordpress. Not just get people building something from scratch looking for a new framework. I'm guessing the recent lawsuits also provide some momentum.
It's not compatible with WordPress, though. It slurps a WordPress export, which is quite literally static data. They expect you to code up anything dynamic using their agent skill.
Reminds me of Vercel and NextJS, where a popular framework design is constrained by, or optimally runs, on their infra, but then comes with pains or unusualness if self-hosted (eg. middleware). Vendor lock-in plays are a big red flag
But "back to CMS roots" is absolutely not what the WordPress ecosystem is about. It's about the absolute galaxy of plugins that provide you with an entire digital experience "in a box". You can just install whatever plugins for ecommerce, CRM, forms management, payments, event calendars. They will all plugin to both the template system and the MySQL database. There are a lot of well-known and reputable plugins with huge installed bases (woocommerce, gravity forms, yoast seo) but there's a ton of shady ones that can infect your install. Cloudflare is directly addressing the shortcomings of the existing plugin architecture indicating they intend for EmDash to fill a similar niche as an All-in-One digital experience and not just a simple CMS.
Reading this paragraph I was genuinely convinced it was an April 1st thing.
> While EmDash aims to be compatible with WordPress functionality, no WordPress code was used to create EmDash. That allows us to license the open source project under the more permissive MIT license.
Ha ha, that's really funny timing given the recent launch of Cleanroom As A Service, promising that you can licensewash other peoples' code quickly and easily: https://malus.sh/
I'm not saying they did that, but it's ironic timing.
Malus is (well crafted) satire.
https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...
Spiritually hollow; at this point, it reads more like marketing material than anything of genuine substance.
It's great that they are recreating much of the fundamental software stack using LLMs. But if you're going to 'vibeslop,' at least do it in a language other than JavaScript.
I struggle to understand why anyone would want to generate code in TypeScript - unless what you're building truly can't be done in Go, Rust, or Kotlin; anything but JS.
I’m not sure how much of an improvement it really is to rewrite something from PHP to TypeScript while claiming security benefits.
"solve security" - that's an April Fools joke if I ever heard one.
> Solving scale-to-zero for WordPress hosting platforms > WordPress is not serverless
Just not accurate. WordPress doesn't prevent this.. It's up to hosting providers to work on their infra so it can run in a serverless fashion.
For example: https://www.agiler.io
That's serverless wordpress that scales to zero.. no changes to WordPress, plugins or anything else.. just platform infra.
Last time I checked Wordpress was completely fine living in a couple of PHP files on a webspace. That’s like the pinnacle of „serverless“, is it not?
mysql/mariadb and the shared filesystem requirements are a bit different than what lambda/etc provides. So not really, but it's all solvable clearly.
I dunno, with the constant firehose of debate and disdain for AI this is a joke I'm too burned out about to feel like laughing at.
It's a shame they don't seem to try to address the divide between CMS's and static sites.
Most WordPress sites could just be static, but WordPress has a nice editor interface, so they're not - unless you use a SSG plugin. Building that into the core workflow (which I believe Astro supports) and giving users a nice hosted editor that produces a static site would be welcome innovation.
I've been migrating a few Wordpress sites from Wordpress to Astro + Strapi recently, working in 'hybrid mode' so the entire site is static except for post previews in Strapi (only that one route is SSR).
Editing content in Strapi, once customized with CKEditor and such, is Wordpressy enough for the human Editors familiar with WP.
So far I'm loving the stack.
EmDash with some aggressive caching and SWR is effectively this, and we're getting closer to that every day. When the cost of maintaining the data part of the CMS is effectively free, you're basically working with a static site anyway.
I haven’t used Wordpress for a few years. But with WP Super Cache (1) we also always did pretty much that: On saving a post/page the static HTML would be written to a cache directory and be the default content served to visitors.
[1] https://wordpress.org/plugins/wp-super-cache/
The issue with static sites is they can't do comments.
Astro would call that an island: https://docs.astro.build/en/concepts/islands/
I guess this is our answer to the question of why Cloudflare acquired it in the first place.
I bet 99.9% of live Wordpress sites no longer have comments enabled.
They can - it’s just more complex.
You just put the comments into something like firebase/supabase etc or use one of many off the shelf solutions. Free tier is fine.
Is it still a static site then?
You could just do it with CGI scripts, without the external dependencies, but that isn't really static either.
"Just" sure is doing a lot of heavy lifting in this sentence.
the plugin security problem in WordPress was never really a code quality problem - it was a trust model problem. any developer could publish a plugin and any site owner could install it with one click, with no vetting layer in between. TypeScript and serverless doesn't change that dynamic unless the trust model changes too. curious how EmDash handles third-party plugin permissions at the API boundary.
It runs each sandboxed plugin inside its own dynamic worker, with a separate bridge worker to enforce permissions. The worker only has access to its permitted APIs.
> x402 is an open, neutral standard for Internet-native payments. It lets anyone on the Internet easily charge, and any client pay on-demand, on a pay-per-use basis. A client, such as an agent, sends a HTTP request and receives a HTTP 402 Payment Required status code. In response, the client pays for access on-demand, and the server can let the client through to the requested content.
Fascinating. Cloudflare is envisioning a future where agents are given debit cards by their owners, so they can autonomously send microtransactions to website owners to scrape content or possibly purchase goods on the owner's behalf. I don't know how I feel about that but there's no doubt it's a fascinating concept.
Brb, setting up a honeypot that always responds with HTTP 402 Payment Required demanding 10cents per visit... That's the next "selling 1 million pixels on my website for $1 each", I guess
If you can find a way to trick agents into always accepting your payment required then you could set up a tarpit generating trash content or an infinite string of redirects or "read this other page for more info", charging extra for each one.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
It's like the exploit from Office Space is finally legal.
Its kind of annoying that CF would use an LLM to build something and try to pass it off as something built from "the ground up". Its just copying the library that was already build and passing it off as their own.
Serious question: Why is everyone still using JavaScript to AI-code projects? You can vibe-code apps with real languages now.
There's no reason to use an interpreted, bloated, weird language anymore. The only reason interpreted languages were a thing was so you could edit a file and re-run it immediately without a compile step. Compiling is now cheap, and you don't have to build expertise in a new language anymore. Ask AI to write your app in Go, it'll happily comply. Run it and it's faster with less memory use and disk space. The code is simpler and smaller making reviewing easier. Distribution is as easy as "copy the file".
I'll grant you, interpreted languages skip the "portability" compiling/distributing step, and let you avoid the stupid MacOS code signing. But Go is stupid easy to cross-compile, and (afaik?) the user can un-quarantine a self-signed app pretty easily.
Why would I want to publish my writing online when it can just be copied by an AI?
Will you look at it. Another Wordpress “killer”. Wordpress has that market share because it can be easily installed in a wide variety of servers and because of its plugin ecosystem of dozens of thousands of plugins and huge flexibility/customizability. Wordpress is one of the most flexible pieces of software out there and none of the competition seem to get why Wordpress is so popular.
Serious question: Who actually builds stuff on Cloudflare workers? I mean large software projects / services, and not just side projects where the ability to scale-to-zero is perhaps more important than the scale-to-infinity direction. I feel like Cloudflare keeps pushing workers with its full force yet I fail to see the appeal.
I'm building a commercial SaaS product on Workers. Although I've barely scratched the surface of what Cloudflare offers¹, so far it's been great. The value proposition is effectively the same as serverless in general: You worry about the product, they worry about deployment. Note that Cloudflare Workers is just one (albeit important) star in their constellation of capabilities.
¹https://developers.cloudflare.com/directory/?product-group=D...
It's always seemed like a solution looking for a problem.
It's kind of ironic that the name of this product is also the most obvious marker of LLM generated content
That's the joke.
Oh I am slow lol
Is this an April fools?
Name is a joke, but the project is real
Functional April Fools, the best kind. A couple years ago Eleiko, a weightlifting equipment company did one, the 'Heavy Mug', a 19 poundish steel coffee cup with a handle in the style of a knurled bar, and actually did a limited run of them.
"That allows us to license the open source project under the more permissive MIT license."
Wordpress is PHP, which has developer base insanely larger then typescript. Also, a lot cheaper. Compete with that.
Your first statement is wildly and verifiably untrue (see: https://survey.stackoverflow.co/2025/technology#most-popular...) and your second statement doesn't make sense. I've got like 8 sites on Pages/Workers with R1 + vectorize databases scattered around and I'm not paying a dime for any of that. What cost are you talking about?
Coding agents make this much less important.
Yes definitely compare it multiple times to WordPress and nobody will think of calling their lawyers.
Is this April fools? With real products launching on this date you can't really be too sure.
Not an April fools joke. [0]
[0] https://github.com/emdash-cms/emdash
That makes it look more like an April fools joke. All the commits are from today.
Cloudflare specifically launches things on April 1st a lot of times. https://x.com/Cloudflare/status/1907055975057506793
They announced 1.1.1.1 on April 1st way back in 2018 too.
That's not unusual though, large companies releasing something open source very often squash the history at launch.
The best jokes are serious.
> Yes definitely compare it multiple times to WordPress and nobody will think of calling their lawyers.
It's not illegal to make product comparisons. That's just competition.
Tell that to the guy who got upset with WP Engine. EmDash is clearly "inspired" by WordPress including in its UI, so there's definitely something to it.
The problem with WP Engine was that the name is confusing to users who aren't familiar with it. Presumably the WordPress Engine is the core of Wordpress? Or it's the thing powering Wordpress? It's easy to see ways in which an end user could be confused which was which.
Conversely, this product is called something else, and while their blog post references Wordpress repeatedly it's in a way as to make it very clear that this is not that.
The phrase "spiritual successor to WordPress" is not likely to be judged a trademark violation, though. It doesn't create confusion in the marketplace as to whether Emdash is WordPress.
The power of WordPress is not the ease of use, but PHP.
Anything built on PHP will be widely used, like Laravel
That used to be a major selling point because hosts enabled PHP for a directory devs would FTP things into, but those days are thankfully long gone. I don't think it's any more difficult to host a JS, TS, or anything else, app than it is to host a PHP app today. In fact, PHP is probably more difficult than something like Netlify.
That’s also nice joke! You are all killing it today
Well, you’re quite fucking wrong there.
With PHP you can still drop a single file on shared hosting and be up in minutes, with no build step or CDN proxy in the mix.
npm deps adds plenty of attack surface on its own. Netlify is fine until you need custom binaries or persistent storage, then it gets weird fast. PHP has plenty of warts, but the ops path stays flatter than Node for the boring case most sites need.
All PHP is going to be replaced with single binary Rust apps.
Talented teams will build the atoms for most apps - blogs, CMSes, ticket systems, forums - and it'll be easy for end users to configure.
Rust is easy to code gen and deploy now. No barrier to understanding lifetimes. It's the language everyone should be using Claude Code to emit.
Everyone is now a Rust engineer with 10 years of experience. (I'm not joking, just in case that needs clarification.)
If you haven't tried writing a simple web service in Axum or Actix plus SQLx, you need to give it a try. You'll be amazed at how simple it is, and you'll be even more amazed at how performant and easy it is to work with.
You do not need to know Rust or have any prior Rust experience. You'll pick it up along the way. It's easy and you'll learn it fast.
Rust is a low-defect rate language to serialize to. The syntax begs you to handle errors, nulls, exceptional conditions within the language itself. This is naturally a good fit for most business problems. It doesn't hurt that the language is fast as hell and super portable either.
If the job is now encoding business logic - this is the optimal serialization that I'm aware of. I write Go, Java, Python, TypeScript, PHP, Swift - I can't think of any better language for greenfield projects that don't have existing language/library requirements.
I'm not sure you appreciate why PHP was successful. You might be completely right about all this, but the LAMP-stack "just upload this file to shared hosting" workflow is what made apps like WordPress win out, and the barrier remains significantly higher to do the equivalent with Rust.
These april fools jokes keep getting lazier every year.
I mean it's cool your created a new CMS and all, but beyond the look of the admin interface and publishing flow, I don't see how this is a "Spirtual Successor" to WordPress at all.
Its a CMS, designed from scratch, for a serverless world. It has a stricter, well defined API that plugins are forced to use instead of directly calling/overriding core functionality like in WP. But that benefit comes with a CMS that's built on top of, and seems to prefer, a ton of CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things).
The web need less consolidation on CF, not more.
> Its a CMS, designed from scratch…
Maybe not scratch scratch: "And under the hood, EmDash is powered by Astro…"
> It's built on top of, and seems to perfer you use CF proprietary capabilities (D1 Databases, R2 for image/media storage, their workers for running things.
D1 is SQLite, R2 is S3, and there are other ways to securely run plugins. If it was designed to only be possible to deploy on Cloudflare, they didn't do a very good job.
Reading the comments below, have we all fallen for a 1st April Fools' joke?
Actually, rebuilding WordPress without the ecosystem is kind of the point. For example, would Divi or the major page builders rebuild their entire products to support this? I doubt it
This part is interesting:
"Plugin security is the root of this problem. Marketplace businesses provide trust when parties otherwise cannot easily trust each other. In the case of the WordPress marketplace, the plugin security risk is so large and probable that many of your customers can only reasonably trust your plugin via the marketplace. But in order to be part of the marketplace your code must be licensed in a way that forces you to give it away for free everywhere other than that marketplace. You are locked in."
There was much drama with wordpress some time ago and the plugin marketplace.
If you need a reliable source for WordPress plugins, check out https://github.com/fairpm/fair-plugin?tab=readme-ov-file#fai...
A system for using Federated and Independent Repositories in WordPress
I don't like where any of this is going
Thanks, but I'll stick to WordPress.
The UI doesn't seem geared to power users. E.g. Why is the featured image taking up so much space above the content editing area when it's sized appropriately for the sidebar? Imagine you need to update the text of several posts... Well, now you gotta scroll down half the page to the content area of each one.
And all that padding gets you quite the narrow content area. Not to mention it looks like a very basic TinyMCE. Seems like more of a POC than an actual "spiritual successor".
I'm all for creating new frameworks that are faster and more secure. But I don't see how this one relates to Wordpress (not in PHP, serverless, not "plug and play", dependent on Astro, "AI Native"…).
It looks like a good open source project, but just call it a new CMS. I think calling it a "spiritual successor to WordPress" is just to gain some marketing points.
I am not sure if this is an April fool joke anymore in the age of AI.
This is great, but if the plugin ecosystem isn't compatible will it take off?
Most WordPress users use at least one plugin: it is the appeal of the product.
Who wants to vibe code an open source Cloudflare?
I really hope Cloudflare is ready and willing to stand by this thing for the next 20 years, and drive it as a first class product with a huge open source team. Because short of that you can just add this to the mile-long list of "successors to WordPress" we've been through over the decades. Maybe they're in it for the long haul. We'll see. But it takes time, and mountains of integrations and acceptance into the wider web authoring ecosystem for anything like this to gain real adoption.
One thing that makes it different this time is that coding agents will probably make it easy to port the most important plugins to the new system.
Also, there are successful alternatives to Wordpress too, so the most likely outcome is that it becomes yet another alternative.
I've been wanting a CMS on top of Cloudflare workers for a while, so I hope this pays off!
Payload can be deployed to Cloudflare Workers: https://github.com/payloadcms/payload/tree/main/templates/wi...
Pages is a thin layer over Workers, and a standard deployment target for most if not all that I've seen.
Plugin security is one thing. Plugin budget is another thing... much larger of a problem in some cases.
I for one am glad that WordPress has some competition. This sounds like a killer rewrite.
Here to say -- great name. It's not just a reference to our modern times, it's a sign of brilliance. (I wrote this myself with no clanker support)
From the people who brought you "we used AI to undercut a project we use rather than pay them fairly for the work we relied on" comes an exciting new lawsuit by Mullenweg for using Wordpress in their product description.
Good one, at last, April fools joke with some effort.
Spiritually bankrupt, that should just be considered marketing material.
The problem is that it doesn't solve the network-effect problem.
People aren't on WordPress because of WordPress.
They're on WordPress because of WooCommerce, a million themes, BuddyPress, integrations for every stupid internal business API on the planet (many of which are terrible and were written by an idiot with a crayon).
The APIs will have no testing because they are bad. In many cases the WordPress implementation of the API written in the codeblock, ran on page-load to the pain of the person responsible for SEO, is the API contract.
And yes those plugins are also terrible, but they solve business problems, even if they are tech problems.
You can't just launch a better wp-core and expect it to replace any of that.
EmDash needs to actually run the existing insecure WP plugins to takeover.
You seem to have missed the point. This is intended to be more secure in a new world where exploits will be cheap to discover. The factors you mention won't keep people onboard if systems are compromised every day in too many ways for fragmented security teams to keep on top of.
Ha! Nice April Fools joke. Nothing will succeed WordPress. Not even AGI. Specially not something with the name EmDash. Good one Cloudflare.
Payload
Will be there a way to export all the posts to markdown so you never get locked in?
Damm Anthropic had a chance to say april fools too for the claude code leak!!
It’s written in typescript, not PHP. How does this improve security if no one uses it because they’ve invested so much in the WP plugin ecosystem?
"Failed to initialize playground"
Try again once or twice.
if this can implode the crooked "web hosting industry" that surrounds the lamp / wordpress ecosystem the better.
Is this just literally turning plugins into microservices? Lol
Impressive and created by agents. Another example for skeptics wondering where the AI apps are.
I think this is too soon to call. No one questions whether AI can build things. We question whether they can build stable things that work as expected and stay online in the long run.
The stability question is real but I think it's framed wrong. The issue isn't whether an agent can write correct code in a single session -- they can, and pretty reliably now. It's whether there's a human with enough understanding of the codebase to debug it when something breaks at 2am.
I run parallel coding agents on my own projects daily. The code they produce is fine. What worries me is the "just ship it" energy where nobody on the team deeply understands what got built. That's not an AI problem, it's been a problem with outsourced codebases forever. AI just makes it faster to accumulate code nobody fully groks.
Cloudflare probably has the engineering depth to maintain this regardless of how it was built. A lot of other teams don't.
I too have seen a lot of comments asking where the products are. If you're now moving the goal posts to "stay online in the long run" you're gonna have to wait until there's been a long run to stay online in. Agents aren't that old yet.
This will largely be based on the maintainers’ priorities. Coding agents can audit and clean up code too, provided that you set the right goals.
> "Failed to initialize playground"
Impressive indeed!
Try again a few times, it ends up loading.
The successor to WordPress will wear out the F5 key
did you test it? How do you know it works?
deployed it on vercel for lolz - it works!
EmDash on Apr 1 come on guys
Held up getting into the details of this ambitious project because of the name! Ridiculous choice considering the associations with AI, slop, and even the general crowded namespace surrounding that. C'mon.
(looks for cameras) Wait a minute, am I being Punk'D? Oh my god! Ashton, you really got me! Ha Ha! Ashton!