Cloudflare has released EmDash, a fully open-source CMS it calls the "spiritual successor to WordPress." Built entirely in TypeScript on Astro 6.0, EmDash takes direct aim at the platform that powers over 40% of the internet - rethinking it from the ground up for a serverless, AI-native era.

The core innovation is security architecture. Patchstack data shows 96% of WordPress vulnerabilities come from plugins, which run with full access to the database and filesystem. EmDash isolates each plugin in its own sandboxed Worker isolate via Cloudflare's Dynamic Workers, requiring plugins to declare permissions upfront. No more rogue plugins with root-level access.

x402: Charging AI Bots for Content

EmDash ships with built-in x402 support, the open payment standard that recently joined the Linux Foundation. Sites can return HTTP 402 responses to charge visiting AI agents or users for content access - no subscription infrastructure, no engineering work. As AI crawlers increasingly consume web content, this gives publishers a native monetization path that works out of the box.

The project was built in two months using AI coding agents and is MIT licensed, a more permissive choice than WordPress's GPL. It deploys to Cloudflare's global network or any Node.js server, with a WordPress migration tool (WXR importer) included for existing sites.

EmDash is currently in v0.1.0 developer preview. A live playground is available, and the project already has a deploy-to-Cloudflare one-click button.

Base ecosystem lead Jesse Pollak highlighted the launch, noting Cloudflare "just launched next gen WordPress with x402 on Base built in."