Cloudflare, the cloud provider that connects millions of sites to the Internet, wants to “fix” another digital giant: WordPress. It announced a new open-source system, called EmDash, that “addresses the core problems that WordPress can’t solve” – and they want to do this by allowing AI agents to take control of your website.
Although it’s still in early access, EmDash is already causing a stir in the WordPress community, and not just because its interface looks so much like WordPress. Cloudflare is calling mdash a “spiritual successor” to WordPress – which WordPress founder Matt Mullenweg has already rejected in a blog post about the new platform. Mullenweg writes, “Please do not claim to be our spiritual heir without understanding our spirit.” “I think EmDash was created to sell more Cloudflare services.”
Other members of the WordPress community have also jumped online to tear EmDash apart, while also drawing attention to ways that the WordPress project should be improved – especially when it comes to issues of architecture, security, and AI adoption.
In its announcement, Cloudflare claimed to be rebuilding the open-source WordPress project “from the ground up”, offering a built-in Model Reference Protocol (MCP) server that allows large language models (LLMs) to connect and interact with the platform’s documentation. It runs on Astro, Cloudflare’s LLM-friendly web building framework, and uses TypeScript, a programming language that AI agents can better understand. EmDash also supports x402, a tool that web publishers can use to pay AI crawlers to access their content.
Brian Cordes, developer advocate for WordPress.com owner Automattic, says one of EmDash’s strengths is the speed at which you can set up a website, saying, “It’s fast to go from zero to a basic design. I mean, really fast.”
But it “seems a little vibe-coded,” Cordes writes. Mullenweg echoes this, writing on his blog that the interface is “in the uncanny valley of being sorta-WordPress sorta-not,” adding that he knows “this wasn’t a weekend Vibecode project, but it smells like something.” Mullenweg acknowledges that EmDash’s AI-powered skills feature is a nice touch, but he doesn’t delve into the deeper issues holding WordPress back — something that other members of the community have been vocal about in light of EmDash’s launch.
Joost de Valk, creator of the popular Yoast WordPress plugin, calls Amdash “the most interesting thing to happen in content management in years,” as it is built to work with the support of AI agents and comes with structured content that “machines can easily parse and manipulate.” In his post about EmDash, De Valk brings up structural issues with WordPress, which the project treats as “cosmetic”.
De Valk references a post by WordPress developer Hendrik Luhrsen, who writes that EmDash “exposes an old weakness” in WordPress’s current editor, Gutenberg, which stores data in HTML format. Luhrsen argues that this structure becomes a problem when developers have to rework content, process it through different interfaces, or transfer it to other systems.
“The real lesson is that content on the Web now needs to be thought about differently,” says Luhrsen. “As long as content is understood primarily as output, HTML as a storage format may still sound good enough. But once content moves into new contexts through APIs, multiple frontends, personalization, and AI systems, that argument is no longer valid.”
But not everyone agrees with Cloudflare’s claim that EmDash solves the “security crisis” surrounding WordPress plugins. Cloudflare cites data from Patchstack, which says “more high-severity vulnerabilities were discovered in the WordPress ecosystem in 2025 than in the previous two years.” As outlined by Cloudflare, WordPress plugins run PHP scripts that “connect directly to WordPress to add or modify functionality,” meaning it theoretically has access to everything on your site. Instead, EmDash plugins use something called Dynamic Workers – a tool that allows AI agents to execute code in their own isolated environment, protecting the rest of your site in case things go wrong.
Longtime WordPress developer Rhys Wynne explains in a blog post that these issues may have been exaggerated in order to sell EmDash. He writes, “I should point out that although vulnerabilities are discovered, with systems like PatchStack they are usually patched before they become a problem, and if you actually read the patch notes, the ‘security crisis’ is often something that requires a login, or means the blog’s client can tick a checkbox they shouldn’t,” Wynne writes. “Sure they need a solution, but it’s using scary words to scare users away.”
Meanwhile, Mullenweg says that plugins can “change every aspect of your WordPress experience, it’s a feature, not a bug.” De Valk countered Mullenweg’s point, saying it was “like arguing that because some mobile apps require camera access, every app should get root access to the phone.” On his own blog, he says there is an argument for a “granular permissions system” within WordPress, rather than “continuing to give each plugin the keys to the entire database”.
EmDash is already trying to attract users from WordPress by making it easier to import sites from the platform. But, as Wynne says, if things go south, it doesn’t seem like there’s a way out. export Reconcile your site with EmDash and one site with Cloudflare’s proprietary infrastructure. “There is no intention that Cloudflare will abandon EmDash right away, but it may happen at a later date. What if it is abandoned?” Wynne tells The Verge.
While some WordPress members, including De Valk, say they are going to build on EmDash, concerns remain about whether EmDash really has the community to support new users. WordPress is supported by Automattic’s developers as well as thousands of volunteers to create new features for the platform. “When something breaks, there are forums, documentation, tutorials, and developers everywhere who know how to fix it,” writes Miriam Schwab, head of WordPress at Elementor. “Thanks to all these decades of content, contributions, and use, LLM has all the knowledge needed to design, build, and troubleshoot WordPress sites.”
“If WordPress starts making the right architectural decisions now, it could still take off.”
Still, Schwab admits that EmDash wants to “take an honest look at the WordPress ecosystem to see how it works” — and that’s what he’s doing now. Just a day before the launch of EmDash, Automattic’s Matias Ventura announced that the project was pushing back the launch of WordPress 7.0 by “a few weeks to finalize key architectural details”. Along with support for real-time collaborative editing, this update will include an AI client and an API that will allow WordPress to communicate with AI models.
Even the more skeptical WordPress members are optimistic about the possibility of change. De Valk writes, “If WordPress starts making the right architectural decisions now, it may still catch up.” This could make EmDash more of a catalyst for WordPress rather than a true competitor.
<a href