Ghost

Ghost's content model is strictly Posts and Pages — no custom content types, no custom fields. Custom fields have been the top feature request since 2015 (GitHub issue #9020) and remain unimplemented natively; workarounds require third-party services like Gaspr. This is more rigid than even basic open-source CMSes that support extension-based custom types.

Ghost supports Posts → Tags (many-to-many) and Posts → Authors (one-to-many) as the only native relationships. No custom relationship types, no bidirectional traversal, no polymorphic references. API does support filtering posts by tag/author but this is the ceiling of relational capability.

Ghost's Cards editor (Lexical-based as of 2025) provides a rich block-based composition system within post bodies: image, gallery, video, audio, embed, HTML, callout, header, button, product, and file cards. This enables good in-post structured composition. However, structured blocks are confined to post content — there's no schema-level component nesting or reusable structured components across content types.

Ghost provides only minimal validation — required title field and basic meta field limits. Since there are no custom fields, there is no surface area for custom validation rules. No regex validation, no cross-field validation, no webhook pre-save hooks for custom rules. Validation is essentially hardcoded to the fixed schema.

The May 2025 new editor release added post history/revisions, giving authors access to a version timeline with restore capability. Scheduled publishing has long been supported. However there is no content branching, no programmatic API access to revision history, and no visual diff between versions — purely a UI-level restore.

Ghost's card-based editor is a genuinely user-friendly content creation experience — writers can insert and rearrange cards (image, video, callout, embed, etc.) without developer involvement. However this is a post editor, not a visual page builder. Page layout (header, sidebar, footer structure) is theme-controlled and cannot be changed by editors without developer involvement. Scores above 'form-only' but below true in-page visual editing.

Ghost's Lexical-based editor outputs structured JSON (not raw HTML blob) which the Content API delivers, enabling renderer-agnostic consumption. The cards system is rich: callouts, headers, embeds, code blocks, toggles, bookmarks, buttons, products. Standard formatting (bold, italic, links, headers, lists) is well-implemented. Not a full Portable Text equivalent with custom node types, but well above average for a publishing CMS.

Ghost handles basic image upload with automatic responsive resizing (via theme srcset helpers) and WebP support. There's no built-in folder organization, limited metadata, and no focal point control natively. The official Cloudinary integration adds CDN delivery and on-the-fly transformations. Self-hosted installs deliver images from local filesystem without transformation capability. Overall a basic-to-adequate upload-and-serve experience.

Ghost supports multiple author roles (Administrator, Editor, Author, Contributor) with role-based access. The May 2025 new editor changelog mentions 'improved collaboration tools' but details are vague — there's no documented real-time co-editing with presence indicators. Ghost's model appears to be last-write-wins for concurrent editing. No evidence of Google Docs-style co-editing.

Ghost has Draft, Scheduled, and Published states plus a role hierarchy (Contributors cannot publish; Editors can). This gives a basic approval pathway but it is not configurable — there are no custom stages, no conditional routing, no per-stage notification rules, and no audit trail beyond the revision history. Editorial workflow management is not a Ghost design priority.

Ghost has a well-designed RESTful Content API (public, read-only) with filtering, sorting, pagination, field limiting, and locale passthrough. A separate Admin API handles writes. No native GraphQL endpoint — GraphQL is only possible via third-party plugins (e.g., Gatsby's source plugin). The REST API quality is good but the absence of native GraphQL caps this score.

Ghost(Pro) managed hosting includes some CDN for assets, but it is not a purpose-built global CDN with sub-second cache purge — it's DigitalOcean-backed infrastructure. Self-hosted Ghost delivers content via the Node.js process directly; CDN requires manual setup (Cloudflare, Cloudinary, etc.). The official Cloudinary integration is the only documented image CDN path. Edge computing and ESI are not documented features.

Ghost webhooks support HMAC-SHA256 signed payloads (x-ghost-signature header with timestamp). Events cover post lifecycle (published, edited, unpublished, deleted), page lifecycle, and member events (added, updated, deleted). However Ghost does not implement built-in retry logic — retries are the receiver's responsibility. No event filtering at the webhook level. Adequate coverage with signing but limited depth.

Ghost positions itself as a headless CMS with a self-consuming JSON API. Official integrations exist for Next.js, Gatsby, Nuxt, 11ty, Hexo with documented source plugins. An official JavaScript Content API SDK is published. However SDKs are primarily JS/Node-centric — no official iOS, Android, or non-web SDKs. Rich text output is Lexical JSON (structured but not universally portable like Portable Text). Solid for web-channel headless use but limited for true multi-channel.

Ghost supports basic member tier segmentation (public / free member / paid member) with filtered analytics per tier. There is no behavioral, demographic, or firmographic segmentation engine, and no CDP integration. This is membership gating, not a true segmentation system.

Ghost can conditionally show or hide content blocks based on membership tier (public, free, paid) using the {{#if}} helpers in themes. This is paywall-style gating rather than content variant personalization — there is no in-editor preview per segment or external decision engine integration.

Ghost has no native A/B testing capability. Third-party tools (referenced in community guides) are required for any experimentation on subject lines or content. No traffic allocation, significance testing, or built-in results reporting.

Ghost has a 'Recommendations' feature that lets editors manually curate and display links to other publications, but this is entirely editorial with no algorithmic or ML-based ranking. No collaborative filtering or rule-weighted scoring exists.

Ghost ships the Sodo search widget which searches post titles and tags only — it does not index or search post body content. No faceting, relevance tuning, autocomplete on content, or typo tolerance is available. This is closer to a filter than a full-text search.

Community-maintained Algolia packages (@tryghost/algolia, ghost-algolia) enable webhook-driven index sync with Algolia. There is no official marketplace Algolia integration or first-party connector — implementations are custom-built using Ghost's Content API.

Ghost has no native vector search, embedding generation, or semantic similarity features. Implementing AI search would require a fully custom external pipeline. No roadmap items for semantic search were found.

Ghost's monetization capability is limited to paid memberships and subscriptions via Stripe — there is no product catalog, cart, or checkout for physical or digital goods. 'Ghost Commerce' in the market refers to creator commerce broadly, not a built-in commerce engine.

Ghost has an official Shopify integration listed on ghost.org that allows embedding Shopify product cards directly in Ghost posts. This is a product-display embed, not a deep API federation or bidirectional sync. Zapier/Make automation connectors add basic workflow automation.

Ghost's content model (posts, pages, custom post types in newer versions) uses generic fields without product-specific patterns like variant copy, SKU fields, or rich attribute management. Products are managed in Shopify and embedded, not authored natively.

Ghost 6.0 (August 2025) shipped a comprehensive first-party analytics suite directly in Ghost Admin: real-time visitors, top content by traffic and engagement, source attribution per member signup, newsletter open/click rates, MRR and member growth by tier. Analytics are cookie-free and privacy-friendly. Gaps: no author productivity metrics or content lifecycle tracking.

Ghost has an official Segment integration listed on ghost.org that streams member events (signup, upgrade, cancellation) into the Segment CDP pipeline. Webhook support for content operations enables custom integrations with GA4, Amplitude, and similar tools. Official Segment connector lifts this above webhook-only.

Ghost supports basic tagging and custom fields for content classification. The Ghost 6.0 analytics surface post-level performance data but there is no content gap analysis, topic clustering, or SEO intelligence baked into the authoring experience. No AI-powered content scoring.

Ghost has no native multi-site management. Each publication is a completely independent Ghost installation with its own database. There is no centralized admin, shared component library, or cross-site governance layer. Running multiple sites requires separate server instances or a hosting provider with multi-instance support.

Ghost does not support native multilingual content. Each installation is configured for a single language. Theme translation work (i18next) was merged in January 2026 to enable translatable official themes, but field-level or document-level content localization with locale fallback chains remains absent.

Crowdin has an official Ghost.org proxy translator integration in its store enabling content export/import for translation. Weglot also offers a documented Ghost integration for front-end translation of theme elements. Neither covers transactional emails or the Portal app. Integration depth is above webhook-only but below a full TMS workflow.

Ghost has no multi-brand or multi-tenant governance features. There is no concept of brand libraries, cross-brand approval workflows, or global style policy enforcement across publications. Each installation is fully siloed.

Ghost has no native in-editor AI writing assistant. All AI-assisted content creation for Ghost requires external tools (Jasper, AirOps, Junia AI) that integrate via the Ghost API. No brand voice controls, custom prompt management, or field-type-aware generation exist natively.

Ghost has no native AI workflow automation: no auto-tagging, AI metadata generation, smart scheduling, or image recognition. Community tools and MCP server integrations enable external AI to manage content via the Admin API, but nothing is built into the product workflow.

Ghost has no native AI governance layer — no audit trails for AI-generated content, no brand safety controls, no hallucination detection, and no prompt governance. This is expected given the absence of native AI features, but the score reflects the gap versus platforms that do have governance.

Ghost offers two well-structured REST APIs — Content API (fully cacheable, public read) and Admin API (authenticated read/write) — with clean documentation at ghost.org/docs/content-api. Pagination, filtering, and versioning via accept-version header are supported. No native GraphQL; third-party workarounds exist but no official implementation.

Content API is designed to be fully cacheable (CDN-friendly) and documented as having no rate limits for reads. Admin API soft-limits around 50 req/sec per Ghost support guidance; self-hosted defaults to 100 auth attempts per IP per hour. No formal documented CDN-backed SLA or pagination ceiling for production workloads beyond these loose guidelines.

Ghost maintains official JavaScript SDKs for both Content API and Admin API (@tryghost/content-api, @tryghost/admin-api). Beyond JavaScript, there are no other official language SDKs. ts-ghost is a popular community TypeScript package but is not officially maintained by Ghost. Very limited official multi-language coverage.

Ghost's integrations directory (ghost.org/integrations) covers analytics, email marketing, membership, payment, social media, and automation categories. Zapier extends reach to thousands of additional services. The catalog is adequate for a publishing platform but smaller and less enterprise-focused than headless CMS marketplaces; no commerce or DAM integrations of note.

Ghost extensibility is primarily API and webhook based. There is no official App Framework for custom UI extensions, custom sidebar widgets, or server-side hooks beyond the Admin API. Themes are the main customization vector for the frontend. No custom field editors or plugin architecture for admin UI.

Ghost uses email magic-link authentication for staff login with no native SSO (SAML 2.0, OIDC) support. SSO has been a long-standing feature request with multiple forum discussions dating back to 2018 still unresolved as of 2025. Third-party miniOrange-style SSO wrappers exist but require paid add-ons. MFA is not natively enforced.

Ghost provides five predefined staff roles: Owner, Administrator, Editor, Author, and Contributor. Roles are global with no content-type scoping, field-level permissions, or content-instance access control. Custom roles are not supported. Adequate for small editorial teams but insufficient for enterprise multi-tenant or segmented access needs.

Ghost's security documentation (ghost.org/docs/security) focuses on vulnerability disclosure rather than compliance certifications. Ghost(Pro) is GDPR-capable with EU data handling, but there is no public documentation of SOC 2 Type 2, ISO 27001, or HIPAA BAA availability. As a small independent foundation primarily targeting creators and publishers, enterprise compliance certifications are not a priority.

Ghost maintains a security disclosure page and communicates CVEs responsibly. No major known data breaches. The platform has a clean general security reputation for a publishing platform. Bug bounty program is not clearly documented. Security updates are released via Ghost CLI/upgrades rather than a formal bounty structure.

Ghost supports both self-hosted (open source, full control) and Ghost(Pro) managed SaaS hosting. Self-hosted runs on Node.js with MySQL or SQLite, easily deployed via Ghost CLI, Docker, or cloud providers. The dual model provides good flexibility, though no private cloud or dedicated instance option is available through Ghost(Pro) for regulated industries.

Ghost(Pro) provides a formal 99.9% uptime SLA (ghost.org/sla) with a public status page. Third-party monitoring via StatusGator confirms availability tracking. The 99.9% tier is adequate but below the 99.95%+ offered by enterprise CMS platforms. Self-hosted installations carry no vendor SLA.

Ghost(Pro) handles scaling for managed instances; the Content API's fully cacheable design supports CDN delivery. However, Ghost is primarily designed for publishing/newsletter use cases with no published enterprise-scale benchmarks (concurrent users, API calls/sec, entry counts). Self-hosted scaling requires manual infrastructure management. Not enterprise-proven at DXP scale.

Ghost provides manual backup documentation (JSON export, database dump, content folder) and Ghost(Pro) presumably performs automated backups, but RTO/RPO documentation is not publicly available. Content export tools exist. No documented multi-region failover. Self-hosted DR is entirely the operator's responsibility with limited tooling.

Ghost CLI enables full local development with a 5-minute setup running a local Ghost instance (ghost start/stop/restart). Ghost CLI supports local, production, and development modes. However, Ghost CLI end-of-support discussion for v7 onwards introduces uncertainty about the long-term tooling investment. Currently still functional and well-documented.

Ghost has no native multi-environment management (dev/staging/prod), no schema migration CLI, and no branch-per-PR content environment patterns. Deployments are manual or via custom CI scripts (e.g., GitHub Actions triggering Ghost CLI commands). Content structure changes require manual coordination. Lacks the environment management tooling of modern headless CMS platforms.

Ghost documentation (docs.ghost.org) is well-organized with getting started guides, API references, and framework-specific integration guides for Next.js, Gatsby, and Astro. Code examples are provided in JavaScript. Docs are accurate and maintained. No interactive API playground, and multi-language code examples are limited to JS/Node. Adequate for a developer audience.

Ghost's official JS SDKs are not TypeScript-first and lack auto-generated types from the content model. The popular ts-ghost library (github.com/PhilDL/ts-ghost) provides type-safe API access but is community-maintained, not an official Ghost product. No code generation tooling for content model types. TypeScript support exists via community tooling only.

Ghost shipped a major release (v6.0) in August 2025 featuring networked publishing, native analytics, and social web integration. The changelog shows roughly monthly meaningful updates through early 2026: discovery engine (Jan 2026), Entri/free domains (Nov 2025), security improvements (Apr 2025). Consistent cadence but not weekly-frequency SaaS velocity.

Ghost maintains a dedicated changelog at ghost.org/changelog with tagged entries (new features, releases) and a separate breaking changes page at docs.ghost.org/changes. Entries are structured and link to context. Lacks per-release migration guides in every post but breaking changes are tracked separately.

Ghost's product docs explicitly state they maintain an internal 1–2 year roadmap but do not publish it publicly — they tried it and found it more distracting than helpful. Future work is partially visible through GitHub but there is no community voting portal (no Canny, no public GitHub project board). Below average for transparency.

Ghost uses semantic versioning with a dedicated breaking changes page at docs.ghost.org/changes. Ghost 6.0 required self-hosters to follow an upgrade path with noted feature gaps. Deprecation windows are present but migration tooling is minimal compared to enterprise platforms. Reasonable for a Tier 2 open-source CMS.

Ghost's GitHub repository (TryGhost/Ghost) has approximately 48K stars — well above the 20K+ threshold for a high score. The platform has 20,422 managed customers (Latka 2024 data), 3M+ installations worldwide, and an active forum. Strong for a niche publishing-focused CMS.

Ghost operates an active community forum (forum.ghost.org) with team participation and reasonable issue response times. GitHub PRs are actively merged. The Discord integration exists but is primarily for connecting publications, not a large developer Discord. Good engagement relative to community size but not highly active compared to larger ecosystems.

Ghost has a vetted Experts directory (ghost.org/experts) and a Partners page with a handful of official partners (Clay, BuiltWith, Segment). A referral program exists. No formal certification program, no major enterprise SIs (Accenture, Deloitte, etc.), and the partner network is thin compared to enterprise DXP platforms.

Ghost has a healthy volume of third-party tutorials, comparison articles, and YouTube reviews — bolstered by growing interest in indie publishing and newsletter platforms. Multiple in-depth CMS review sites cover Ghost in 2025. Content ecosystem is solid for a Tier 2 platform but remains niche relative to WordPress or Contentful.

Ghost is built on Node.js/Handlebars, so existing JS developers can work with it. However, dedicated Ghost expertise is niche — no official certification program, limited presence in developer surveys, and job postings specifically requesting Ghost skills are sparse. Agencies specializing in Ghost exist but are few.

Ghost grew revenue 65% YoY ($6.3M in 2023 → $10.4M in 2024) with 20K+ customers. Ghost 6.0's social web features (Bluesky, Threads, Fediverse integration) and the new discovery engine signal active product expansion. Growing 15% annually vs 11% CMS market average. Strong momentum for a Tier 2 platform.

Ghost operates as a non-profit foundation — legally cannot be sold or acquired. $10.4M annual revenue, 104 employees, completely self-sustaining with no external investor dependency. This structure eliminates acquisition/shutdown risk but also limits growth capital. Revenue growth trend is strong. Highly stable for buyers concerned about longevity.

Ghost has clear, defensible positioning as an independent publishing platform for media businesses and solo creators — differentiating on open-source, non-profit governance, memberships, and newsletters. Ghost 6.0's social web integration is a genuine differentiator vs Substack/Beehiiv. Not in Gartner MQ or Forrester Wave; positioning is strong in its niche but not enterprise analyst-recognized.

G2 rates Ghost at 4.1/5 stars, placing it in the 45–60 scoring band per the rubric. Review count is moderate (~100–200 range). Positive themes: clean editor, performance, built-in memberships. Recurring negatives: limited customization without code, WordPress migration friction, English-language bias. No major reliability complaints. Score at upper end of band given generally positive tone.

Ghost publishes full pricing publicly on ghost.org/pricing: Starter $15/mo (annual)/$18 monthly, Publisher $29/mo (annual)/$35 monthly, Business $199/mo (annual)/$239 monthly. Member count limits and staff user caps are explicitly stated per tier. No sales-gated tiers — complete transparency.

Flat monthly fee with member-count scaling is predictable for most use cases. However, the Publisher-to-Business jump ($29→$199/mo, ~7x) is a significant cliff for teams that need advanced features — there is no mid-tier option. Member overage model has transparent in-app estimators, reducing surprise. Self-hosted avoids the cliff entirely but shifts cost to ops.

Core publishing and newsletters are available at Starter, but paid membership tiers (monetization) require Publisher or above. Advanced analytics, custom integrations, and priority support are locked to Business ($199/mo). The gating of paid subscription features behind Publisher is a meaningful barrier for monetizing publishers who need more than Starter.

Monthly billing is available at all tiers (with annual discount). 14-day free trial with no credit card required. Ghost is a non-profit foundation stewarding MIT-licensed software, meaning no vendor acquisition risk. No evidence of punitive exit clauses or auto-renewal traps. Self-hosted option provides permanent fallback.

Ghost(Pro) has no permanent free tier — only a 14-day trial. The open-source self-hosted version is free forever (MIT license) and fully production-capable, which is a genuine free entry point, but requires a VPS ($5–20/mo) and email service setup. Credit for the self-hosted path prevents a very low score, but the managed product has no free tier.

Ghost(Pro) can go from signup to first post in under 30 minutes — no infrastructure setup, built-in newsletter and membership. Self-hosted via Docker or DigitalOcean 1-click app is also fast (<1 hour). Ghost's focused scope means no configuration sprawl; developers can query content via Content API within minutes.

A basic Ghost blog or newsletter site can be live in 1–3 days with a stock theme. Custom Handlebars theme development typically takes 1–2 weeks for moderate complexity. Ghost's narrow focus (publishing + newsletters) limits scope creep. Community consistently reports fast launches relative to broader CMS platforms.

Ghost is built on Node.js and Handlebars templates — both mainstream skills with large talent pools. No certification required. Ghost-specific knowledge (theme structure, Content API) is documented and learnable quickly. Some premium exists for Handlebars vs React/Vue, but the pool of Node.js developers is deep enough to keep costs near market rate.

Ghost(Pro) is SaaS with hosting, CDN, backups, and email delivery all included in the plan fee — zero additional infrastructure spend for managed users. Self-hosted adds $5–20/mo VPS, domain/SSL, and email delivery (Mailgun), which is very low by industry standards but not zero. Most buyers on Ghost(Pro) have fully bundled hosting.

Ghost(Pro) is fully managed — automatic updates, backups, scaling, and security patches with no ops overhead for the subscriber. Self-hosted Ghost on a VPS requires periodic Node.js/npm updates and monitoring but is relatively stable and low-maintenance compared to full DXP platforms. No dedicated ops person needed in either deployment model for typical use.

Ghost is MIT-licensed open source — content and data can always be exported as standard JSON and CSV from the admin. Documented migration tooling covers WordPress, Substack, Medium, and custom sources. Free migration assistance is included for Business plan subscribers. Self-hosting is always available as an exit path, eliminating managed-platform lock-in.

Ghost has an unusually small concept surface: posts, pages, tags, authors, members, tiers. Publishing-first design means the mental model maps directly to standard web content patterns. Headless mode uses standard REST API with no proprietary abstractions. Only Handlebars.js templating for themes adds any niche knowledge requirement.

Ghost provides good official docs at docs.ghost.org including dedicated integration guides for Next.js, Gatsby, and Eleventy. No interactive in-console tutorials or certification path, but Ghost(Pro) has a setup wizard and the docs cover common scenarios well. Not as structured as enterprise CMS platforms with formal learning paths.

Ghost Content API is clean REST returning standard JSON, with an official @tryghost/content-api JavaScript SDK. Headless integration with React/Next.js follows standard patterns — no proprietary query language. Traditional theming uses Handlebars.js which is a niche templating language, slightly lowering this score.

Ghost provides an official Next.js integration guide with code examples but not a polished starter kit with example content and CI/CD config. Community starters exist (next-cms-ghost, ghost-cms-nextjs on GitHub) but are third-party maintained and vary in quality. Less turn-key than dedicated headless CMS platforms.

Ghost Content API requires just two values: the API URL and a Content API key generated in the admin panel. Ghost CLI handles local environment setup with a single command. Ghost(Pro) managed hosting eliminates all infrastructure configuration. Self-hosted deployments require more config (database, mail, storage) but CMS-side integration config is minimal.

Ghost has a rigid, opinionated content model: posts and pages only, no custom content types. There is no schema builder or custom field system — the data model is fixed. Migrations that involve non-standard content structures require significant mapping effort. This is a fundamental architectural constraint, not a configuration limitation, making Ghost unsuitable for structured content beyond publishing use cases.

Within Ghost's native theming, preview is built-in and zero-effort. For headless frontends, draft content is NOT available via the Content API — it requires the Ghost Admin API with Bearer token auth, adding complexity. Ghost forum threads document this as a common pain point for headless implementations. Custom preview middleware is required for decoupled frontends.

No certification or platform-specific training required. Generalist JavaScript/Node.js developers can integrate Ghost's Content API without any Ghost-specific expertise. Traditional theme development requires Handlebars.js knowledge which is niche but well-documented. No proprietary query language or custom toolchain beyond Ghost CLI.

Ghost is one of the most solo-developer-friendly CMS platforms. Ghost(Pro) eliminates infrastructure ops entirely. Self-hosted deployments are manageable by a single developer via Ghost CLI. No solution architect or platform specialist required. The platform's publishing focus and minimal configuration surface allow a single person to own the full stack.

Ghost's editor is purpose-built for non-technical content creators. Authors and editors can draft, schedule, and publish independently without developer involvement. Membership tiers and newsletter configuration are managed entirely in the admin UI. No developer is needed for day-to-day content operations — Ghost's publishing-first design explicitly enables editorial self-service.

Ghost(Pro) sites receive automatic upgrades managed by the vendor with forced cutover deadlines (Ghost v5 auto-upgraded by Nov 2025). Self-hosted upgrades are more complex: Ghost CLI is being deprecated in v7 in favor of Docker Compose, and Ghost 6.0 introduced breaking changes including removal of the API limit parameter affecting headless integrations. Standard blog sites upgrade cleanly; custom integrations require pre-upgrade review.

Ghost releases security patches promptly across both the 5.x and 6.x series — CVE-2026-22596 (SQL injection) was patched in 5.130.6 and 6.11.0, CVE-2026-24778 (XSS) in 5.121.0 and 6.15.0, and the 2FA bypass (CVE-2026-22594) addressed quickly. Ghost(Pro) applies patches automatically. Self-hosted operators must apply patches manually, but the dual-series support and fast release cadence reduce exposure windows.

Ghost is deprecating Ghost CLI entirely in v7 forcing all self-hosted operators to migrate to Docker Compose — a non-trivial infrastructure change. Ghost(Pro) forced all v5 sites to upgrade by November 2025 with no opt-out. Ghost 6.0 also removed the API limit parameter with a hard cutover, requiring code changes for headless integrations. Deprecation windows are communicated but the CLI retirement is a significant forced migration for self-hosted operators.

Ghost(Pro) is fully managed with near-zero client-side dependency exposure. Self-hosted Ghost has a relatively lean dependency tree: Node.js (16+), MySQL 8.0+ or SQLite, and optional Redis for caching — significantly simpler than PHP/Java DXPs. The move to Docker Compose standardizes the stack and reduces dependency sprawl, though ActivityPub federation adds new infrastructure requirements for those enabling social features.

Ghost(Pro) includes built-in Ghost Analytics, a member/subscription dashboard, and an email delivery health panel — reducing the need for custom monitoring at the application layer. Ghost.org publishes a status page. Self-hosted operators must configure their own server monitoring, uptime checks, and email deliverability monitoring (Mailgun/Postmark). No native APM or webhook delivery health dashboards beyond the built-in analytics.

Ghost is publishing-focused and handles newsletter delivery, member management, and subscription workflows natively — reducing content ops burden for its core use case. However, it lacks enterprise-grade content hygiene tooling: no built-in broken link detection, orphan content alerts, or content expiry workflows. Content governance relies on editorial discipline rather than automated tooling, which is acceptable for Ghost's target audience of independent publishers but limits score.

Ghost(Pro) includes integrated CDN and handles caching automatically — operators see near-zero performance management burden for typical publishing workloads. Self-hosted deployments require configuring their own CDN (Cloudflare, etc.), but Ghost's architecture (Node.js + MySQL, static theme rendering) is simple enough that query optimization and cache tuning are rarely needed at moderate scale. Performance management overhead is significantly lower than enterprise CMS/DXP platforms.

Ghost(Pro) basic tier provides Monday–Friday email support with no weekend coverage. Trustpilot shows a 2.1/5 rating with numerous reports of copy-paste responses, emails being skimmed rather than read, and unresolved issues. Capterra rates Ghost at 4.7/5 among smaller publishers who are less likely to encounter complex issues. Support quality improves at higher tiers, but the volume of support complaints for a publishing-focused SaaS is notable and drags the score down.

The Ghost Forum is active with meaningful team participation — staff members contribute to threads on self-hosting, v6 migration guidance, and feature discussions. Community-authored guides (e.g., the v6.0 community overview for self-hosted installs) are published and maintained. Forum activity is solid for a focused publishing platform, though the community is smaller than WordPress. Response times are generally reasonable for non-urgent issues.

Ghost's development team patches security vulnerabilities across both active release series (5.x and 6.x) with reasonable velocity — multiple CVEs from early 2026 received patches within the same month of disclosure. Ghost(Pro) deploys fixes immediately after release. Self-hosted operators depend on timely update adoption. Community sentiment is mixed: security response is praised, but some non-critical bugs linger, and the CLI deprecation without a complete migration guide frustrated some operators.

Ghost's block editor supports content cards (image galleries, toggles, products, HTML embeds) that can be drag-and-drop reordered within a post or page, and a 'landing page card' was introduced to enable standalone landing pages. However, Ghost does not ship a native drag-and-drop page builder — creating a new layout still requires a developer to modify or write a Handlebars theme. Third-party builder (Grapesjs-based) exists as a community early-preview, not a bundled product. Scores mid-range: above 'developer-only for every edit' but below true self-serve page builders.

Ghost includes native email newsletter delivery with audience segmentation (free members, paid subscribers, specific membership tiers, custom labels). Scheduled publishing is built-in. However, there is no content calendaring, campaign analytics dashboard, multi-channel campaign coordination, or publish/archive lifecycle for campaigns. The segmentation capability elevates this above the basic 20–30 band, but it falls short of genuine campaign management tooling.

Ghost has among the best built-in SEO of any CMS in this tier: automatic XML sitemaps (auto-updated on publish), JSON-LD structured data (Article schema with title/author/date/image) on all posts and pages, canonical tags, custom meta title/description fields per content item, 301 redirect management, and AMP support. No plugin dependency — all features are bundled. Not higher because Schema.org coverage is limited to Article type and redirect management UI is basic.

Ghost has native membership sign-up forms (free + paid tiers), email capture, and subscription conversion tracking built into the admin dashboard (member growth charts, email open rates). These are purpose-built for content creator subscription funnels. However, UTM parameter tracking, CTA block management, lead-to-CRM workflows, and general performance marketing integrations require external tools. Score reflects partial coverage — conversion of visitors to subscribers is native, but broader campaign performance measurement is not.

Ghost is a publishing platform with no purpose-built product content modeling. There are no product content types, no variant/SKU fields, no product taxonomy, and no attribute modeling. A 'product card' block exists in the editor for featuring individual products as rich embeds (image, description, CTA button), but this is editorial highlight functionality, not a product content management system. Score reflects minimal CMS repurposed for product content.

Ghost has no merchandising-specific tooling. No category management, no promotional content scheduling for products, no cross-sell/upsell content rules, no search result merchandising. The platform is not designed for commerce content operations. Score at the floor of the 10–25 band.

Ghost has official integration pages for Shopify, BigCommerce, and Snipcart — all implemented via Buy Button embed codes pasted into HTML cards in the Ghost editor. This is embed-code integration: no API federation, no data sync between Ghost and the commerce platform, no product reference in the Ghost admin UI, no co-authoring of content+product. Score reflects the 20–35 webhook-only/embed-code tier.

Ghost provides membership-tier-based content visibility (free vs. paid vs. specific tier), which is a form of audience-gated access. Staff roles (Contributor/Author/Editor/Admin/Owner) control editorial permissions. However, this is subscription-tier access control, not department/team RBAC — there is no mechanism to restrict content visibility to specific internal departments or individuals, no field-level sensitivity, and no SSO-backed corporate directory integration. Score is in the 20–35 band: above pure public/private but below RBAC on content types.

Ghost provides draft/scheduled/published content lifecycle, tags for taxonomy, and internal search. Content versioning (post history) was added in recent updates. However, there are no knowledge lifecycle features: no review-due dates, no content expiry/archival scheduling, no structured approval workflows, and no knowledge-specific taxonomy beyond generic tags. Score is in the 35–55 band lower end: adequate content modeling with no lifecycle tooling.

Ghost has no intranet/employee-experience features: no news feed, no employee directory integration, no notifications for new content, no social reactions, no personalized dashboards, and no mobile app. Ghost is absent from all intranet platform roundups. Score at the floor of the 20–35 headless CMS band.

Ghost supports multi-site deployments via separate Ghost instances on one server (Ghost CLI multi-site mode), giving each publication an independent database, admin panel, and API access. However, this is separate-instance isolation, not a native multi-tenant architecture — there is no shared management layer, no cross-publication control panel, and multi-site is explicitly achieved by running multiple independent Ghost processes. GitHub issue #1484 (MultiSite) has been open since 2014. Score in the 30–50 no-native-isolation band.

Each Ghost installation is fully independent with no native mechanism to share content, components, or design tokens across publications. Themes can be duplicated and deployed to multiple instances, but there is no centrally managed shared component library, no cross-instance content propagation, and no federation API for content sharing. Pure duplication is required for shared global content.

There is no centralized governance layer across multiple Ghost publications. Each publication has its own admin, its own user management, and its own settings — there is no cross-publication user management, no enforced content standards, no global policy configuration, and no centralized approval workflows. Ghost Pro Enterprise provides custom staff limits but still manages each publication independently.

Ghost is MIT-licensed open source — self-hosted additional publications cost nothing in licensing (only infrastructure). This provides strong scale economics for teams running multiple Ghost instances on their own infrastructure. Ghost Pro managed hosting charges per publication, creating linear cost scaling. The open-source nature is a genuine scale advantage for self-hosted deployments, earning a score above the 40–60 linear-scaling band.

Ghost Foundation publishes a publicly accessible DPA at ghost.org/dpa/ covering all Ghost(Pro) customers, with SCCs (EU 2021/914) as the cross-border transfer mechanism and servers based in Amsterdam. Sub-processor list is available upon request rather than publicly listed, and the DPA explicitly notes data may be stored outside the EU, so residency is not contractually guaranteed. Right-to-erasure is acknowledged via consent withdrawal; 90-day post-termination deletion is documented in the DPA.

No BAA is offered, no healthcare-specific documentation exists, and HIPAA is not mentioned anywhere in Ghost's terms, DPA, or security documentation. Ghost is a publishing/newsletter CMS not positioned for healthcare use cases.

GDPR compliance is supported via the public DPA with SCCs, which implicitly covers UK GDPR for EU-standard transfers, though no IDTA-specific annexe is documented. CCPA, PIPEDA, LGPD, FedRAMP, IRAP, C5, PCI-DSS, and HITRUST are absent from all published documentation. No industry-specific certifications found.

No SOC 2 attestation (Type 1 or Type 2) is referenced anywhere on Ghost's security, compliance, or pricing pages. Ghost Foundation is a non-profit and has not pursued third-party security audits that would produce a SOC 2 report. No report availability mechanism exists.

No ISO 27001 or ISO 27018 certification is referenced in any Ghost documentation. The security documentation covers application-level controls (rate limiting, 2FA, bcrypt hashing) but does not reference an ISMS or cloud PII certification.

No meaningful security certifications found: no CSA STAR, PCI DSS, Cyber Essentials, FedRAMP, or IRAP. Ghost's about page displays 'Non-Profit Foundation', 'Open Source', and 'Carbon Neutral' (Stripe Climate) badges, which are not security certifications. Base score with nothing additional.

Ghost(Pro) infrastructure is hosted in Amsterdam (EU) by default, which is publicly stated. However, the DPA explicitly notes data 'may be stored and processed in data centers both within and outside the European Union', meaning EU-only residency is not contractually guaranteed. No choice of US or APAC hosting regions is offered to customers. Self-hosted users control their own residency.

Ghost provides self-service export of all content (JSON), members (CSV), themes (ZIP), and analytics (CSV) directly from Ghost Admin without requiring support tickets. The DPA specifies data deletion within 90 business days of service deactivation. Individual right-to-erasure mechanism is limited to consent withdrawal; no self-service subject-erasure portal is documented.

No audit logging capability is documented in Ghost's security or help documentation. Ghost Admin provides activity visible to admins through normal UI interactions, but no formal audit log with export, configurable retention, or SIEM integration is available. Compliance reporting is not mentioned.

No formal WCAG 2.1 AA conformance statement for the Ghost Admin authoring interface has been published. Ghost is open-source and community accessibility contributions exist (GitHub issues referencing a11y), but no official commitment to WCAG 2.1 AA for Ghost Admin or ATAG 2.0 conformance is documented.

No VPAT, ACR, or Section 508 conformance statement is published for Ghost or Ghost Admin. There is no dedicated accessibility page on ghost.org. No formal procurement-ready accessibility documentation exists.