The launch of EmDash is highlighting the major issues within the WordPress project. Cloudflare, the cloud service provider known for connecting millions of websites to the internet, aims to “fix” WordPress by introducing a new open-source system called EmDash. This system is designed to tackle the “core problems that WordPress cannot solve” by enabling AI agents to control your website.
While still in early access, EmDash is already stirring up controversy in the WordPress community, especially since its interface resembles an upgraded version of WordPress. Cloudflare describes EmDash as the “spiritual successor” of WordPress — a claim WordPress founder Matt Mullenweg disputes. He wrote in a blog post, “Please don’t claim to be our spiritual successor without understanding our spirit,” and adds, “I think EmDash was created to sell more Cloudflare services.”
Other WordPress community members are scrutinizing EmDash online while also pointing out areas where WordPress needs improvement, particularly in architecture, security, and AI integration.
In the announcement, Cloudflare claims to have re-engineered the open-source WordPress project “from the ground up,” incorporating a built-in model context protocol (MCP) server for large language models (LLMs) to interact with platform documentation. It operates on Astro, Cloudflare’s LLM-friendly web building framework, and uses TypeScript, a programming language AI agents comprehend more effectively. EmDash also supports x402, a tool that allows web publishers to charge AI crawlers for accessing their content.
Brian Coords, a developer advocate at Automattic, owner of WordPress.com, notes EmDash’s strength lies in its speedy website setup, stating, “Getting from zero to a basic design is fast. I mean, really fast.”
However, Coords describes the platform as “a bit vibe-coded.” Mullenweg echoes this sentiment, writing in his blog that the interface “is in the uncanny valley of being sorta-WordPress sorta-not,” and admits it bears some resemblance to a weekend project even though it isn’t. He acknowledges EmDash’s AI-powered skills feature is a nice addition but avoids discussing the deeper issues WordPress faces — points other community members have highlighted following EmDash’s release.
Joost de Valk, creator of the popular Yoast WordPress plugin, refers to EmDash as “the most interesting thing to happen to content management in years” due to its support for AI agents and structured content designed for machine processing. In his blog post, de Valk criticizes how WordPress views its structural issues as “cosmetic.”
De Valk highlights a post by WordPress developer Hendrik Luehrsen, who claims EmDash exposes a longstanding weakness in WordPress’s Gutenberg editor, which stores data in HTML. Luehrsen argues this format becomes problematic when reworking content or moving it across systems.
“The real lesson is that content on the web now has to be thought about differently,” Luehrsen asserts. “As long as content is mainly seen as output, HTML seems viable. But as content finds new contexts through APIs, frontends, personalization, and AI, that logic fails.”
Not everyone agrees that EmDash resolves WordPress’s “security crisis” concerning plugins. Cloudflare cites data from Patchstack indicating “more high-severity vulnerabilities were discovered in 2025 than in the previous two years combined.” It explains WordPress plugins use PHP scripts with unrestricted site access. Instead, EmDash plugins employ Dynamic Workers, allowing AI agents to execute code in isolated environments, safeguarding the rest of your site.
Rhys Wynne, a seasoned WordPress developer, argues in a blog post that these security concerns might be overstated to promote EmDash. He writes, “I should note vulnerabilities are typically addressed before becoming issues, and what is often called a ‘security crisis’ involves scenarios requiring user login or minor unauthorized actions,” underscoring that while these issues require fixes, alarmist language can unnecessarily scare users.
Mullenweg maintains that the ability of plugins to “alter any aspect of your WordPress experience” represents a feature, not a flaw. De Valk counters, suggesting that treating all plugins like mobile apps necessitating full phone access is excessive. On his blog, he advocates for a “granular permission system” rather than allowing every plugin database-wide access.
By facilitating WordPress site imports, EmDash seeks to attract users but lacks a clear export option, tying users to Cloudflare’s proprietary infrastructure. Wynne raises concerns about potential abandonment of EmDash, questioning the fate of sites built on it if Cloudflare discontinues support.
While some WordPress members, including de Valk, plan to leverage EmDash, doubts persist about the platform’s ability to nurture a developer community akin to WordPress’s thriving ecosystem. WordPress benefits from countless volunteers and Automattic developers creating new features. “When something breaks, there are forums, documentation, tutorials, and skilled developers ready to assist,” writes Miriam