Ghost

Ghost's content model in 2026 remains strictly Posts and Pages — no custom content types, no custom fields. Custom fields have been the top feature request since 2015 (GitHub issue #9020) and are still unimplemented natively; workarounds require third-party services like Gaspr. Custom Theme Settings expose design options but are distinct from content fields. This is more rigid than even basic open-source CMSes that support extension-based custom types.

Ghost supports Posts → Tags (many-to-many) and Posts → Authors (one-to-many) as the only native relationships. No custom relationship types, no bidirectional traversal, no polymorphic references. API does support filtering posts by tag/author but this is the ceiling of relational capability.

Ghost's Cards editor (Lexical-based) provides a rich block-based composition system within post bodies: image, gallery, video, audio, embed, HTML, callout, header, button, product, and file cards. This enables good in-post structured composition. However, structured blocks are confined to post content — there's no schema-level component nesting or reusable structured components across content types.

Ghost provides only minimal validation — required title field and basic meta field limits. Since there are no custom fields, there is no surface area for custom validation rules. No regex validation, no cross-field validation, no webhook pre-save hooks for custom rules. Validation is essentially hardcoded to the fixed schema.

The new editor added post history/revisions, giving authors access to a version timeline with restore capability. Scheduled publishing has long been supported. However there is no content branching, no programmatic API access to revision history, and no visual diff between versions — purely a UI-level restore.

Ghost's card-based editor is a genuinely user-friendly content creation experience — writers can insert and rearrange cards (image, video, callout, embed, etc.) without developer involvement. However this is a post editor, not a visual page builder. Page layout (header, sidebar, footer structure) is theme-controlled and cannot be changed by editors without developer involvement. Scores above 'form-only' but below true in-page visual editing.

Ghost's Lexical-based editor outputs structured JSON (not raw HTML blob) which the Content API delivers, enabling renderer-agnostic consumption. The cards system is rich: callouts, headers, embeds, code blocks, toggles, bookmarks, buttons, products. Standard formatting (bold, italic, links, headers, lists) is well-implemented. Not a full Portable Text equivalent with custom node types, but well above average for a publishing CMS.

Ghost handles basic image upload with automatic responsive resizing (via theme srcset helpers) and WebP support. There's no built-in folder organization, limited metadata, and no focal point control natively. The official Cloudinary integration adds CDN delivery and on-the-fly transformations. Self-hosted installs deliver images from local filesystem without transformation capability. Overall a basic-to-adequate upload-and-serve experience.

Ghost supports multiple author roles (Administrator, Editor, Author, Contributor) with role-based access. 2026 changelogs did not highlight any real-time co-editing additions beyond existing staff accounts. Ghost's model appears to be last-write-wins for concurrent editing. No evidence of Google Docs-style co-editing with presence indicators.

Ghost has Draft, Scheduled, and Published states plus a role hierarchy (Contributors cannot publish; Editors can). This gives a basic approval pathway but it is not configurable — there are no custom stages, no conditional routing, no per-stage notification rules, and no audit trail beyond the revision history. Editorial workflow management is not a Ghost design priority.

Ghost has a well-designed RESTful Content API (public, read-only) with filtering, sorting, pagination, field limiting, and locale passthrough. A separate Admin API handles writes. No native GraphQL endpoint — GraphQL is only possible via third-party plugins (e.g., Gatsby's source plugin). The REST API quality is good but the absence of native GraphQL caps this score.

Ghost(Pro) managed hosting includes some CDN for assets, but it is not a purpose-built global CDN with sub-second cache purge — it's DigitalOcean-backed infrastructure. Self-hosted Ghost delivers content via the Node.js process directly; CDN requires manual setup (Cloudflare, Cloudinary, etc.). The official Cloudinary integration is the only documented image CDN path. Edge computing and ESI are not documented features.

Ghost webhooks support HMAC-SHA256 signed payloads (x-ghost-signature header with timestamp). Events cover post lifecycle (published, edited, unpublished, deleted), page lifecycle, and member events (added, updated, deleted). However Ghost does not implement built-in retry logic — retries are the receiver's responsibility. No event filtering at the webhook level. Adequate coverage with signing but limited depth.

Ghost positions itself as a headless CMS with a self-consuming JSON API. Official integrations exist for Next.js, Gatsby, Nuxt, 11ty, Hexo with documented source plugins. An official JavaScript Content API SDK is published. The April 2026 native share buttons update adds built-in reader sharing (copy link, email, social) to official themes, but this is a theme-level presentation feature rather than a delivery-API improvement. SDKs remain primarily JS/Node-centric — no official iOS, Android, or non-web SDKs. Rich text output is Lexical JSON (structured but not universally portable like Portable Text).

Ghost supports basic member tier segmentation (public / free member / paid member) with filtered analytics per tier. There is no behavioral, demographic, or firmographic segmentation engine, and no CDP integration. This is membership gating, not a true segmentation system.

Ghost can conditionally show or hide content blocks based on membership tier (public, free, paid) using the {{#if}} helpers in themes. This is paywall-style gating rather than content variant personalization — there is no in-editor preview per segment or external decision engine integration.

Ghost has no native A/B testing capability. Third-party tools are required for any experimentation on subject lines or content. No traffic allocation, statistical significance testing, or built-in results reporting.

Ghost has a 'Recommendations' feature that lets editors manually curate and display links to other publications, but this is entirely editorial with no algorithmic or ML-based ranking. No collaborative filtering or rule-weighted scoring exists.

Ghost ships the Sodo search widget which searches post titles, authors, and tags — it does not index or search post body content. No faceting, relevance tuning, autocomplete on content, or typo tolerance is available. This is closer to a filter than a full-text search.

Community-maintained Algolia packages (@tryghost/algolia, ghost-algolia) enable webhook-driven index sync with Algolia. There is no official marketplace Algolia integration or first-party connector — implementations are custom-built using Ghost's Content API.

Ghost's monetization is limited to paid memberships and subscriptions via Stripe — there is no product catalog, cart, or checkout for physical or digital goods. Creator commerce capability is subscription-only.

Ghost has an official Shopify integration that allows embedding Shopify product cards directly in Ghost posts. This is a product-display embed, not a deep API federation or bidirectional sync. Zapier/Make automation connectors add basic workflow automation.

Ghost's content model uses generic post/page fields without product-specific patterns like variant copy, SKU fields, or rich attribute management. Products are managed in Shopify and embedded, not authored natively in Ghost.

Ghost 6.0 (August 2025) shipped a comprehensive first-party analytics suite: real-time visitors, top content by traffic and engagement, source attribution per member signup, newsletter open/click rates, MRR and member growth by tier. Analytics are cookie-free and privacy-friendly. Gaps: no author productivity metrics or content lifecycle tracking.

Ghost has an official Segment integration that streams member events (signup, upgrade, cancellation) into the Segment CDP pipeline. Webhook support for content operations enables custom integrations with GA4, Amplitude, and similar tools. Official Segment connector lifts this above webhook-only.

Ghost has no native multi-site management. Each publication is a completely independent Ghost installation with its own database. There is no centralized admin, shared component library, or cross-site governance layer. Running multiple sites requires separate server instances.

Ghost does not support native multilingual content. Each installation is configured for a single language. Theme translation work (i18next) was merged in January 2026 to enable translatable official themes, but field-level or document-level content localization with locale fallback chains remains absent.

Crowdin has an official Ghost.org proxy translator integration enabling content export/import for translation. Weglot also offers a documented Ghost integration for front-end translation of theme elements. Neither covers transactional emails or the Portal app, and integration depth is above webhook-only but below a full TMS workflow.

Ghost has no multi-brand or multi-tenant governance features. There is no concept of brand libraries, cross-brand approval workflows, or global style policy enforcement across publications. Each installation is fully siloed.

Ghost has a basic media library for images and file uploads with auto-resize and lossless compression on upload. There are no metadata schemas, custom taxonomy, asset versioning, usage tracking across content, or rights/expiry management — it is essentially flat file storage.

Ghost automatically resizes and compresses images on upload and generates responsive srcsets. Ghost Pro delivers assets over a CDN. Full image transformation (focal point, WebP/AVIF, on-the-fly crops) requires the official Cloudinary or Cloudimage integration — these are not built into Ghost natively.

Ghost supports video upload via video cards (up to 100MB on Creator plan) with a built-in player, but there is no transcoding, adaptive bitrate streaming, thumbnail generation, or captions management. Larger video workflows rely on official Vimeo OEmbed integration or external services like Cloudflare Stream.

Ghost has a card-based editor where rich media cards (image, video, HTML, button, etc.) can be dragged to reorder within a post. This is not a drag-and-drop page layout builder — there is no section/column composition, component library, or live visual preview of layouts. Third-party tools like Fantasma offer page building but are not part of Ghost.

Ghost has five predefined staff roles (Contributor, Author, Editor, Administrator, Owner) that create a natural draft-review-publish workflow. Inline comment threads and assignable tasks are available for multi-author teams. There are no custom workflow states, formal approval routing, or SLA/due-date tracking.

Ghost supports scheduled publishing (publish at future date/time) with timezone-aware scheduling. There is no built-in editorial calendar view, no embargo/auto-expiry, and no release bundles for atomically publishing multiple items simultaneously.

Ghost supports inline comment threads and assignable tasks for multi-author coordination, with role-based access controlling who can edit others' posts. There is no simultaneous multi-author editing, no presence indicators showing who is editing, and no conflict prevention mechanism.

Ghost has no native form builder. Contact forms and data capture require third-party services — Ghost has an official Formspree integration listed on ghost.org, and community guides reference JotForm, Tally, and Formzillion embeds. No conditional logic, progressive profiling, or submission storage exists within Ghost.

Ghost has strong native newsletter sending: multiple newsletter types, audience segmentation by member tier, automated welcome emails, and native open/click rate tracking. The April 2026 native share buttons release adds an optional share link in newsletter footers that opens a built-in share modal (copy link, email, social) — extending the distribution/growth loop from published posts into the inbox. Official Mailchimp integration enables subscriber sync. Still publisher-first rather than a full ESP — no drip campaigns or behavioral triggers beyond welcome sequences.

Ghost is not a marketing automation platform. The only native automation is automated welcome emails for new free and paid members. Zapier and Make integrations enable basic workflow automation from Ghost events. No behavioral triggers from content events, drip campaign orchestration, lead scoring, or nurture flows exist natively.

Ghost has an official Segment integration that streams member lifecycle events (signup, upgrade, downgrade, cancellation) into the Segment CDP pipeline, enabling downstream personalization and analytics. There is no bidirectional sync — Ghost cannot consume unified customer profiles from the CDP to drive in-CMS personalization.

Ghost has a curated integrations directory at ghost.org/integrations with quality official integrations across analytics, email marketing, automation, social, CDN, and developer tools (Zapier, Segment, Mailchimp, Shopify, Cloudinary, Slack, GA4). The directory is smaller than enterprise CMS marketplaces and skews toward publishing-adjacent tools with limited enterprise software coverage.

Ghost supports configurable outbound webhooks from the Admin panel covering post, page, member, and subscription lifecycle events. Webhooks support signed payloads with a shared secret for security. No built-in webhook logs or debugging UI; retry behavior is basic. Event coverage is comprehensive for publishing and membership events.

Ghost generates shareable draft preview URLs using UUID-based routes (/p/[UUID]/) that can be shared before publishing. The Admin API provides access to draft posts for headless frontends using an Admin API key. There are no native branch environments, multi-channel preview across different frontends, or environment promotion workflows.

Ghost has five fixed predefined staff roles (Contributor, Author, Editor, Administrator, Owner) with role-appropriate access. Custom role creation is not supported. There are no field-level permissions, content-type-level ACLs, locale-specific permissions, SSO integration, or SCIM support on any plan.

Ghost offers two well-structured REST APIs — Content API (fully cacheable, public read) and Admin API (authenticated read/write) — documented at ghost.org/docs/content-api with pagination, filtering, and accept-version header versioning. No native GraphQL in Ghost 6.x; official docs explicitly list REST-only design. Community GraphQL wrappers exist but are unsupported.

Content API remains CDN-cacheable with documented 'fetch as often as you like' guidance. Ghost 6.0 introduced a hard 100-item page cap — `?limit=all` now silently returns only 100 items and larger requests are clamped — forcing pagination for bulk operations and creating friction for large imports/migrations. Still no documented CDN-backed SLA or enterprise throughput ceiling.

Ghost still maintains only official JavaScript SDKs — @tryghost/content-api and @tryghost/admin-api — with no official Python, Ruby, Java, .NET, PHP, or mobile SDKs as of 2026. Community TypeScript package ts-ghost covers both 5.x and 6.x but is not part of the official TryGhost org. Very limited official multi-language coverage.

Ghost's integrations directory covers analytics, email, membership, payment, social, and automation, and Zapier extends reach. Ghost 6 bakes ActivityPub and (v6.30, April 2026) native share buttons directly into the core, reducing dependence on third-party share/social integrations. Still no dedicated commerce, DAM, or translation marketplace categories — adequate for publishing, not for enterprise DXP breadth.

Ghost extensibility is still primarily API and webhook based through 6.x — no official App Framework for custom admin UI, sidebar widgets, custom field editors, or server-side hooks. Themes remain the main frontend customization vector. The v6 move to independent services (ActivityPub, analytics) runs alongside Ghost but does not expose a plugin SDK.

Ghost continues to use email magic-link authentication for staff with no native SSO (SAML 2.0 / OIDC) in 6.x — a long-standing feature request unresolved since 2018. A community Ghost-to-Keycloak OIDC bridge reached production-ready status in January 2026, and paid third-party wrappers (miniOrange, AuthDigital) exist, but neither is official. MFA is not natively enforced.

Ghost provides five predefined global staff roles (Owner, Administrator, Editor, Author, Contributor) with no content-type scoping, no field-level permissions, no instance-level ACLs, and no custom role builder in 6.x. Adequate for small editorial teams but insufficient for enterprise multi-tenant or segmented access needs.

ghost.org/docs/security still focuses on vulnerability disclosure rather than compliance certifications; no public evidence of SOC 2 Type 2, ISO 27001, or HIPAA BAA availability from the Ghost Foundation in 2026. Ghost(Pro) handles GDPR with EU data processing. As a small independent foundation serving publishers, enterprise compliance remains a gap.

Ghost maintains a responsible disclosure page and communicates CVEs through GitHub security advisories. No major known data breaches through 2026. Clean general reputation for a publishing platform. Bug bounty program is not clearly documented; security updates flow through Ghost CLI / Docker image upgrades.

Ghost supports both self-hosted (open source on Node.js + MySQL 8) and Ghost(Pro) managed SaaS. Ghost 6.0 formalized Docker Compose as the officially supported install/run/update path, stabilizing the self-hosted story. No private-cloud or dedicated-instance tier through Ghost(Pro) for regulated industries, which caps the ceiling.

Ghost(Pro) publishes a 99.9% uptime SLA at ghost.org/sla with a public status page and third-party monitoring via StatusGator. 99.9% is adequate but below the 99.95%+ offered by enterprise CMS vendors. Self-hosted installations carry no vendor SLA.

Ghost 6 moved to an independent-services architecture: ActivityPub and native Analytics (built on ClickHouse) run as separate services alongside core Ghost, which is a more modern scale-out pattern than monolithic 5.x. Content API remains fully CDN-cacheable. Still no published enterprise benchmarks (entry counts, concurrent users, API calls/sec); Ghost(Pro) auto-scales managed. Not enterprise-proven at DXP scale.

Ghost provides manual backup documentation (JSON export, MySQL dump, content folder) and Ghost(Pro) runs automated backups, but RTO/RPO targets are not publicly documented. Content export tooling exists. No multi-region failover. Self-hosted DR remains entirely operator-owned with limited tooling.

Ghost 6.0 standardized Docker Compose as the official install/run/update path, which also gives developers a reproducible local stack matching production (Ubuntu 24, Node 22, MySQL 8). Ghost CLI still works for classic local installs in development mode. The tooling story is more consistent than in 5.x, though there is no dedicated emulator for content-as-code workflows.

Ghost 6 still has no native multi-environment management (dev/staging/prod), no schema-migration CLI surfaced to users, and no branch-per-PR content environment patterns. Deployments rely on custom CI scripts (GitHub Actions into Ghost CLI / Docker). Content structure changes require manual coordination. Lacks the environment-aliasing tooling of modern headless CMS platforms.

docs.ghost.org is well-organized with Content API, Admin API, and SDK references; framework guides cover Next.js, Gatsby, and Astro. The v6 breaking-changes page (docs.ghost.org/changes) clearly surfaces API updates like the 100-item page cap. No interactive API playground, and code examples are limited to JavaScript/Node. Accurate and maintained — adequate for a developer audience.

Ghost's official @tryghost/content-api and @tryghost/admin-api SDKs remain plain JS without bundled TypeScript types or codegen from the content model through 2026. ts-ghost (community, PhilDL) is the type-safe option and was updated to support 5.x and 6.x, but is not officially maintained by TryGhost. No official codegen tooling for custom fields.

Ghost's 2026 changelog shows a consistent 2–3 meaningful updates per month: native share buttons (Apr 21, 2026), welcome email design (Apr 14), Home Assistant integration (Apr 1), members-only podcasts (Mar 26), retention offers (Mar 11), inbox links (Feb 19), comment moderation (Feb 6). This sustained cadence — following the v6.0 major release in Aug 2025 — reflects strong shipping velocity for a non-profit open-source CMS. Not at weekly SaaS levels, but clearly above monthly.

Ghost maintains a dedicated changelog at ghost.org/changelog with tagged entries (New, Improved, Releases) and a separate breaking changes page at docs.ghost.org/changes. Entries are structured, dated, and link to context with screenshots and implementation notes. Lacks per-release migration guides in every post but breaking changes are tracked separately.

Ghost's product docs explicitly state they maintain an internal 1–2 year roadmap but do not publish it publicly — they tried it and found it more distracting than helpful. Future work is partially visible through GitHub but there is no community voting portal (no Canny, no public GitHub project board). Below average for transparency.

Ghost uses semantic versioning with a dedicated breaking changes page at docs.ghost.org/changes. Ghost 6.0 required self-hosters to follow an upgrade path with noted feature gaps. Deprecation windows are present but migration tooling is minimal compared to enterprise platforms. Reasonable for a Tier 2 open-source CMS.

Ghost's GitHub repository (TryGhost/Ghost) has approximately 48K stars — well above the 20K+ threshold for a high score. Headlesscms.org ranks Ghost as the biggest open-source headless CMS project by GitHub stars. Platform has 20K+ managed customers and 3M+ installations worldwide. Strong for a niche publishing-focused CMS.

Ghost operates an active community forum (forum.ghost.org) with team participation and reasonable issue response times. GitHub PRs are actively merged with steady commit velocity through 2026. The Discord integration exists but is primarily for connecting publications, not a large developer Discord. Good engagement relative to community size.

Ghost has a vetted Experts directory (ghost.org/experts) and a Partners page with a handful of official partners (Clay, BuiltWith, Segment). A referral program exists. No formal certification program, no major enterprise SIs (Accenture, Deloitte, etc.), and the partner network is thin compared to enterprise DXP platforms.

Ghost has a healthy volume of third-party tutorials, comparison articles, and YouTube reviews — bolstered by growing interest in indie publishing and newsletter platforms. Multiple in-depth CMS review sites cover Ghost in 2025–2026 (azeemsafi.me, usereviews.io, Sender.net). Content ecosystem is solid for a Tier 2 platform but remains niche relative to WordPress or Contentful.

Ghost is built on Node.js/Handlebars, so existing JS developers can work with it. However, dedicated Ghost expertise is niche — no official certification program, limited presence in developer surveys, and job postings specifically requesting Ghost skills are sparse. Agencies specializing in Ghost exist but are few.

Ghost grew revenue 65% YoY ($6.3M in 2023 → $10.4M in 2024) with 20K+ customers. Product expansion continues aggressively in 2026 with retention offers, native share buttons, Home Assistant integration, members-only podcasts, and welcome email flows — signaling product-market fit expansion beyond pure publishing into creator monetization and distribution. Growing 15% annually vs 11% CMS market average.

Ghost operates as a non-profit foundation — legally cannot be sold or acquired. $10.4M annual revenue, 100+ employees, completely self-sustaining with no external investor dependency. This structure eliminates acquisition/shutdown risk but also limits growth capital. Revenue growth trend is strong. Highly stable for buyers concerned about longevity.

Ghost has clear, defensible positioning as an independent publishing platform for media businesses and solo creators — differentiating on open-source, non-profit governance, memberships, and newsletters. Ghost 6.0's social web integration and 2026 distribution features (native share, inbox links) are genuine differentiators vs Substack/Beehiiv. Not in Gartner MQ or Forrester Wave; positioning is strong in its niche but not enterprise analyst-recognized.

G2 rates Ghost at 4.3/5 stars (up from 4.1 previously), placing it in the 4.2–4.4 with 100–300 reviews band per the rubric (60–72). Positive themes: cleanest distraction-free editor, 0% platform fee vs Substack, fast performance out of box. Recurring negatives: narrow scope (no e-commerce, no drag-and-drop), Markdown-first learning curve for WP migrants. No major reliability complaints.

Ghost publishes full pricing publicly on ghost.org/pricing: Starter $15/mo (annual)/$18 monthly, Publisher $29/mo (annual)/$35 monthly, Business $199/mo (annual)/$239 monthly. Member count limits and staff user caps are explicitly stated per tier. No sales-gated tiers — complete transparency. The April 2026 native share buttons update did not alter the pricing model or tier structure.

Flat monthly fee with member-count scaling is predictable for most use cases. However, the Publisher-to-Business jump ($29→$199/mo, ~7x) is a significant cliff for teams that need advanced features — there is no mid-tier option. Member overage model has transparent in-app estimators, reducing surprise. Self-hosted avoids the cliff entirely but shifts cost to ops.

Core publishing and newsletters are available at Starter, but paid membership tiers (monetization) require Publisher or above. Advanced analytics, custom integrations, and priority support are locked to Business ($199/mo). The April 2026 native share buttons update is available across all tiers, consistent with Ghost's pattern of keeping publishing UX ungated — gating remains concentrated around monetization and analytics.

Monthly billing is available at all tiers (with annual discount). 14-day free trial with no credit card required. Ghost is a non-profit foundation stewarding MIT-licensed software, meaning no vendor acquisition risk. No evidence of punitive exit clauses or auto-renewal traps. Self-hosted option provides permanent fallback.

Ghost(Pro) has no permanent free tier — only a 14-day trial. The open-source self-hosted version is free forever (MIT license) and fully production-capable, which is a genuine free entry point, but requires a VPS ($5–20/mo) and email service setup. Credit for the self-hosted path prevents a very low score, but the managed product has no free tier.

Ghost(Pro) can go from signup to first post in under 30 minutes — no infrastructure setup, built-in newsletter and membership. Self-hosted via Docker or DigitalOcean 1-click app is also fast (<1 hour). Ghost's focused scope means no configuration sprawl; developers can query content via Content API within minutes. The April 2026 native share buttons release removes one common day-one theme customization task.

A basic Ghost blog or newsletter site can be live in 1–3 days with a stock theme. Custom Handlebars theme development typically takes 1–2 weeks for moderate complexity. Ghost's narrow focus (publishing + newsletters) limits scope creep, and the April 2026 native share buttons release eliminates one of the more common custom-theme asks. Community consistently reports fast launches relative to broader CMS platforms.

Ghost is built on Node.js and Handlebars templates — both mainstream skills with large talent pools. No certification required. Ghost-specific knowledge (theme structure, Content API) is documented and learnable quickly. Some premium exists for Handlebars vs React/Vue, but the pool of Node.js developers is deep enough to keep costs near market rate.

Ghost(Pro) is SaaS with hosting, CDN, backups, and email delivery all included in the plan fee — zero additional infrastructure spend for managed users. Self-hosted adds $5–20/mo VPS, domain/SSL, and email delivery (Mailgun), which is very low by industry standards but not zero. Most buyers on Ghost(Pro) have fully bundled hosting.

Ghost(Pro) is fully managed — automatic updates, backups, scaling, and security patches with no ops overhead for the subscriber. Self-hosted Ghost on a VPS requires periodic Node.js/npm updates and monitoring but is relatively stable and low-maintenance compared to full DXP platforms. No dedicated ops person needed in either deployment model for typical use.

Ghost is MIT-licensed open source — content and data can always be exported as standard JSON and CSV from the admin. Documented migration tooling covers WordPress, Substack, Medium, and custom sources. Free migration assistance is included for Business plan subscribers. Self-hosting is always available as an exit path, eliminating managed-platform lock-in.

Ghost has an unusually small concept surface: posts, pages, tags, authors, members, tiers. Publishing-first design maps directly to standard web content patterns. Headless mode uses a standard REST Content API with no proprietary abstractions; only Handlebars.js templating for traditional themes adds any niche knowledge requirement.

Ghost provides good official docs at docs.ghost.org including dedicated integration guides for Next.js, Gatsby, and Eleventy. Ghost(Pro) offers a setup wizard and the community forum is active, but there are no interactive in-console tutorials, no certification path, and no structured learning track matching enterprise CMS platforms.

Ghost Content API is clean REST returning standard JSON with an official @tryghost/content-api JavaScript SDK. Headless integration with React/Next.js follows mainstream patterns and works cleanly with getStaticProps/getStaticPaths — no proprietary query language. Traditional theming still requires Handlebars.js, a niche templating language, slightly capping this score.

Ghost provides an official Next.js integration guide with code examples but not a polished vendor-maintained starter with example content and CI/CD config. Community starters like styxlab/next-cms-ghost exist but are third-party and vary in quality. Less turn-key than dedicated headless CMS platforms that publish vendor starters across Next.js/Nuxt/Astro.

Ghost Content API requires just two values: the API URL and a Content API key generated in admin. Ghost CLI handles local environment setup with a single command, and Ghost(Pro) eliminates all infrastructure configuration. Self-hosted deployments require more config (database, mail, storage) but CMS-side integration config stays minimal.

Ghost has a rigid, opinionated content model: posts, pages, tags, authors, members, and tiers only, with no custom content types and no custom fields system at the core data model level. Custom-fields has been a long-standing requested feature (TryGhost/Ghost#9020) that remains unimplemented. Structured content beyond publishing must be shoehorned into tags/metadata, and there is no schema migration tooling because the schema is fixed.

Within Ghost's native Handlebars theming, preview is built-in and zero-effort. For headless frontends, draft content is NOT available via the Content API — it requires the Ghost Admin API with Bearer token auth and custom preview middleware. Forum threads document this as a persistent pain point; no plug-and-play draft mode exists for decoupled Next.js/Astro frontends.

No certification or platform-specific training required. Generalist JavaScript/Node.js developers can integrate Ghost's Content API without Ghost-specific expertise. Traditional theme development requires Handlebars.js knowledge which is niche but well-documented, and no proprietary query language or custom toolchain exists beyond Ghost CLI.

Ghost is one of the most solo-developer-friendly CMS platforms. Ghost(Pro) eliminates infrastructure ops entirely, and self-hosted deployments are manageable by a single developer via Ghost CLI. No solution architect or platform specialist required — the publishing focus and minimal configuration surface allow a single person to own the full stack.

Ghost's editor is purpose-built for non-technical content creators: authors and editors can draft, schedule, publish, manage membership tiers, and configure newsletters without developer involvement. The April 2026 native share buttons update further reduces developer touchpoints — editors can now toggle sharing in newsletter design settings and official themes without custom theme code. Ghost's publishing-first design explicitly enables editorial self-service.

Ghost(Pro) sites receive automatic upgrades managed by the vendor with forced cutover deadlines (Ghost v5 auto-upgraded by Nov 2025). Self-hosted upgrades are more complex: Ghost CLI is being deprecated in v7 in favor of Docker Compose, and Ghost 6.0 introduced breaking changes including removal of the API limit parameter affecting headless integrations. Standard blog sites upgrade cleanly; custom integrations require pre-upgrade review.

Ghost releases security patches promptly across both the 5.x and 6.x series — CVE-2026-22596 (SQL injection) was patched in 5.130.6 and 6.11.0, CVE-2026-24778 (XSS) in 5.121.0 and 6.15.0, and the 2FA bypass (CVE-2026-22594) addressed quickly. Ghost(Pro) applies patches automatically. Self-hosted operators must apply patches manually, but the dual-series support and fast release cadence reduce exposure windows.

Ghost is deprecating Ghost CLI entirely in v7 forcing all self-hosted operators to migrate to Docker Compose — a non-trivial infrastructure change. Ghost(Pro) forced all v5 sites to upgrade by November 2025 with no opt-out. Ghost 6.0 also removed the API limit parameter with a hard cutover, requiring code changes for headless integrations. Deprecation windows are communicated but the CLI retirement is a significant forced migration for self-hosted operators.

Ghost(Pro) is fully managed with near-zero client-side dependency exposure. Self-hosted Ghost has a relatively lean dependency tree: Node.js (16+), MySQL 8.0+ or SQLite, and optional Redis for caching — significantly simpler than PHP/Java DXPs. The move to Docker Compose standardizes the stack and reduces dependency sprawl, though ActivityPub federation adds new infrastructure requirements for those enabling social features.

Ghost(Pro) includes built-in Ghost Analytics, a member/subscription dashboard, and an email delivery health panel — reducing the need for custom monitoring at the application layer. Ghost.org publishes a status page. Self-hosted operators must configure their own server monitoring, uptime checks, and email deliverability monitoring (Mailgun/Postmark). No native APM or webhook delivery health dashboards beyond the built-in analytics.

Ghost is publishing-focused and handles newsletter delivery, member management, and subscription workflows natively — reducing content ops burden for its core use case. The April 2026 native share buttons release (ghost.org/changelog/native-share-buttons/) removes another source of custom-theme maintenance: publishers no longer need to hand-roll share modals for posts, pages, or newsletters, which official themes now support out of the box. Ghost still lacks enterprise-grade content hygiene tooling — no broken link detection, orphan content alerts, or content expiry workflows — so governance remains editorial-discipline driven.

Ghost(Pro) includes integrated CDN and handles caching automatically — operators see near-zero performance management burden for typical publishing workloads. Self-hosted deployments require configuring their own CDN (Cloudflare, etc.), but Ghost's architecture (Node.js + MySQL, static theme rendering) is simple enough that query optimization and cache tuning are rarely needed at moderate scale. Performance management overhead is significantly lower than enterprise CMS/DXP platforms.

Ghost(Pro) basic tier provides Monday–Friday email support with no weekend coverage. Trustpilot shows a 2.1/5 rating with numerous reports of copy-paste responses, emails being skimmed rather than read, and unresolved issues. Capterra rates Ghost at 4.7/5 among smaller publishers who are less likely to encounter complex issues. Support quality improves at higher tiers, but the volume of support complaints for a publishing-focused SaaS is notable and drags the score down.

The Ghost Forum is active with meaningful team participation — staff members contribute to threads on self-hosting, v6 migration guidance, and feature discussions. Community-authored guides (e.g., the v6.0 community overview for self-hosted installs) are published and maintained. Forum activity is solid for a focused publishing platform, though the community is smaller than WordPress. Response times are generally reasonable for non-urgent issues.

Ghost's development team patches security vulnerabilities across both active release series (5.x and 6.x) with reasonable velocity — multiple CVEs from early 2026 received patches within the same month of disclosure. Ghost(Pro) deploys fixes immediately after release. Self-hosted operators depend on timely update adoption. Community sentiment is mixed: security response is praised, but some non-critical bugs linger, and the CLI deprecation without a complete migration guide frustrated some operators.

The Ghost editor (Lexical/React) adds dynamic landing page cards — header cards, CTA cards, signup cards, toggles — and allows removing the title/feature image from any page, enabling marketers to compose landing pages without coding. However, creating a new overall page layout still requires developer work on the Handlebars theme; you're composing within a fixed theme scaffold. The third-party Grapesjs-based page builder remains an early-preview community project, not bundled. Scores just at the 25–45/50–65 boundary: above pure developer-only edits but not a true self-serve layout creator.

Ghost includes native email newsletter delivery with audience segmentation (free members, paid subscribers, specific membership tiers, custom labels). Scheduled publishing is built-in. However, there is no content calendaring, campaign analytics dashboard, multi-channel campaign coordination, or publish/archive lifecycle for campaigns. The segmentation capability elevates this above the basic 20–30 band, but it falls short of genuine campaign management tooling.

Ghost has among the best built-in SEO of any CMS in this tier: automatic XML sitemaps (auto-updated on publish), JSON-LD structured data (Article schema with title/author/date/image) on all posts and pages, canonical tags, custom meta title/description fields per content item, 301 redirect management, and AMP support. No plugin dependency — all features are bundled. Not higher because Schema.org coverage is limited to Article type and redirect management UI is basic.

Ghost has native membership sign-up forms (free + paid tiers), embeddable signup forms for external pages, email capture, and subscription conversion tracking. Ghost 6.0 (August 2025) added first-party native analytics showing top referrers, member acquisition sources, and conversion rates from visitor to member — improving the performance marketing picture. However, UTM parameter tracking, CTA block management, lead-to-CRM workflows, and general performance marketing integrations still require external tools. Score reflects partial coverage: subscription funnel conversion is native, broader campaign performance measurement is not.

Ghost has zero native personalization. Content is either public, free-member-only, or paid-member-only — this is paywall access control, not behavioral or audience targeting. No geo-targeting, no rule-based content variants, no AI-driven content recommendations, no CDP integration. Ghost is absent from all personalization platform discussions. Score at the bottom of the 15–35 no-native-personalization band.

Ghost has no native content A/B testing. The only experimentation surface is email newsletter subject line testing (ghost.works documents this as a community-explored pattern). There is no headline variant testing, no layout experimentation, no statistical reporting, and no auto-winner selection for content experiments. Score at the floor of the 15–35 band.

Ghost's editor offers fast content creation: cards-based composition, inline editing, no page-reload saves, draft/schedule/publish in one click, and reusable snippets. Email newsletters are composed and sent within the same admin interface. Content can go from brief to published quickly for post-based content. Limitations: no template cloning for pages, no bulk operations, and new page layouts require developer involvement. Score in the 40–60 adequate-speed band.

Ghost publishes to three genuine channels: web, email newsletter, and the social web via ActivityPub (Ghost 6.0, August 2025). ActivityPub delivers posts to Mastodon, Threads, Flipboard, WriteFreely, and other fediverse clients. A Notes feature enables short-form posts for social distribution. However, there is no native SMS, push notification, or in-app channel support. Score in the 40–60 web-first-with-additional-channels band, trending toward the upper end given the addition of genuine social distribution.

Ghost 6.0 (August 2025) shipped first-party, cookie-free native analytics powered by an open-source ClickHouse database. The dashboard shows real-time visitors, top content, traffic sources, newsletter performance (open rates, click rates), and member/subscription growth — all within the Ghost admin. This is genuinely in-CMS analytics without requiring an external tool. Limitation: no content decay alerts, no engagement heatmaps, and self-hosted instances need their own Tinybird account for advanced features. Score at the lower end of the 65+ band — it has CMS-embedded dashboards but lacks the full content performance intelligence of a true analytics suite.

Ghost's theme system enforces visual consistency across all content — all posts and pages render within the selected theme's design system. Newsletter design tokens were added in Ghost 5.126.0 (fonts, colors, button styles). However, there are no content-level brand guardrails: editors can add arbitrary HTML cards, embed any content, and override spacing. No locked brand component palette, no restricted overrides, no design token enforcement for content authors. Score in the 35–55 component-based-consistency-without-enforcement band.

Ghost automatically generates Open Graph meta tags and Twitter/X card markup for all posts and pages. Ghost 6.0 added ActivityPub integration (Social Web): new posts are pushed to fediverse followers on Mastodon, Threads, Flipboard, WriteFreely, and compatible platforms. The 2026 native share buttons update adds a built-in share modal on posts/pages and a share link in newsletter emails — readers can copy the post link, email it, or share on social with post title/link pre-populated. The feature is built into all official themes (via theme updates) and available to custom themes via a `#/share` URL fragment. This combines OG/card management, push-to-social via ActivityPub, and first-class native reader-driven share UI. Not 65+ because there is still no social scheduling, no UGC embed tooling, and Bluesky still requires Bridgy Fed.

Ghost has a basic media library: images can be uploaded, are stored and served, and basic image cards in the editor provide some sizing options. There is no DAM functionality: no image transforms pipeline, no video hosting (embeds via external services), no asset tagging or search, no usage tracking, and no rights management. Score in the 15–35 simple-file-upload band — above the floor given searchable media library, but no marketing-grade asset management.

Ghost does not natively support multilingual content. The platform is designed to run in a single language per instance. Ghost Admin itself lacks i18next internationalization (i18next work was merged for themes in January 2026 but not yet shipped as user-facing feature). For multilingual sites, Ghost recommends separate instances per language or third-party translation services (Weglot, Crowdin). No transcreation workflows, no locale-specific campaign variants, no market-level scheduling, and no regional cookie/legal disclaimer management. Score at the bottom of the 15–30 minimal-localization band.

Ghost's integrations directory lists connections to HubSpot, Mailchimp, ConvertKit, Zapier, and others. However, most are webhook/Zapier-based rather than pre-built deep connectors: HubSpot and Mailchimp sync via Zapier triggers, not native two-way data sync. Ghost has no native CRM connector, no MAP (Marketo/Pardot) integration, and no CDP support. Ghost 6 native analytics reduces the need for GA4 embedding. Score in the 35–55 band lower end: some integrations plus generic webhook/Zapier, but fewer than 3 pre-built MarTech category connectors.

Ghost is a publishing platform with no purpose-built product content modeling. There are no product content types, no variant/SKU fields, no product taxonomy, and no attribute modeling. A 'product card' block exists in the editor for featuring individual products as rich embeds (image, description, CTA button), but this is editorial highlight functionality, not a product content management system. Ghost's own help documentation confirms the platform is not designed for ecommerce.

Ghost has no merchandising-specific tooling whatsoever. No category management, no promotional content scheduling for products, no cross-sell/upsell content rules, no search result merchandising, no product spotlights feature beyond the single product card block. The platform is not designed for commerce content operations.

Ghost has official integration pages for Shopify, BigCommerce, and Snipcart — all implemented via Buy Button embed codes pasted into HTML cards in the Ghost editor. This is embed-code integration: no API federation, no data sync between Ghost and the commerce platform, no product reference in the Ghost admin UI, no co-authoring of content and product. Score reflects the 20–35 embed-code-only tier.

Ghost's product card block and HTML card allow authors to embed Shopify/BigCommerce buy buttons within editorial content, enabling rudimentary buying-guide style content. However, this is embed-code placement, not first-class shoppable content authoring: there is no inline product picker, no live product data, no shop-the-look or lookbook template, and no native purchase CTA integration. Score in the 15–30 band: product embeds are technically possible but not a first-class authoring pattern.

Ghost has no capability to manage content within commerce checkout or cart flows. Transactional pages are entirely controlled by the commerce platform (Shopify, Snipcart, etc.). There is no CMS-managed trust badge, no upsell banner injection, and no post-add modal content managed from Ghost. Score at the floor.

Ghost has no post-purchase content management capabilities. Order confirmations, delivery tracking, product onboarding sequences, and review solicitation are entirely outside Ghost's scope. Ghost's own member email system (for subscription confirmations, newsletters) is not connected to commerce order events.

Ghost member tiers can gate content behind paid access, which could theoretically serve as a rudimentary B2B content gate (e.g., gated spec sheets). However, there are no B2B-specific features: no customer-specific pricing display, no quote-request flows, no account-based catalog segmentation, and no spec sheet management. Score just above the floor: access gating exists but no B2B commerce content purpose.

Ghost has basic built-in content search (via the search card/portal) for finding posts and pages. However, this is simple full-text search with no faceting, no synonym management, no search landing pages, and no blending of product and content results. Not designed for commerce discovery. Score in the 15–30 no-content-side-commerce-search band.

Ghost supports scheduled post publishing, which enables time-limited promotional blog posts or announcement pages. HTML cards can embed countdown timer widgets from third-party services. However, there is no native promotional content system: no sale banner management, no countdown timer component, no promo code messaging, no channel-specific targeting of promotional content. Score in the 10–25 band: scheduled publishing exists but no promotional content tooling.

Ghost requires a separate instance per storefront — there is no native multi-storefront content management. Each Ghost instance is fully independent with its own content model, admin, and API. Sharing editorial content across storefronts requires manual duplication. Score in the 15–30 separate-instance-per-storefront band.

Ghost supports basic image galleries and video embeds (YouTube, Vimeo via embed cards). There are no 360-degree product views, no AR/3D model references, no image hotspot features, and no zoom functionality natively. Commerce-grade media features require third-party embedding. Score in the 10–25/30–50 boundary: basic image/video embeds without any advanced visual commerce capability.

Ghost has no marketplace or multi-vendor content features. No seller profiles, no seller-contributed product descriptions, no review aggregation, no content moderation at scale for marketplace sellers. Ghost is a single-publication platform. Score at the floor.

Ghost has no native multilingual support and no product content management. Locale-specific product descriptions are not possible within a single Ghost instance. Regional regulatory content, currency-aware blocks, and market-specific promo calendars are entirely outside Ghost's capabilities. Score at the floor of the 15–30 minimal-product-localization band.

Ghost 6.0 native analytics tracks member conversion (visitor to free member, free to paid) and referral sources — this gives partial visibility into content-driven subscription conversions. However, there is no content-to-revenue attribution for product sales, no content-assisted ecommerce conversion tracking, and no connection between Ghost content engagement and commerce platform purchase data. Score in the 10–25 band: subscription conversion tracking exists, but commerce revenue attribution does not.

Ghost provides membership-tier-based content visibility (free vs. paid vs. specific tier), which is a form of audience-gated access. Staff roles (Contributor/Author/Editor/Admin/Owner) control editorial permissions. However, this is subscription-tier access control, not department/team RBAC — there is no mechanism to restrict content visibility to specific internal departments or individuals, no field-level sensitivity, and no SSO-backed corporate directory integration. Score is in the 20–35 band: above pure public/private but below RBAC on content types.

Ghost provides draft/scheduled/published content lifecycle, tags for taxonomy, and internal search. Content versioning (post history) is available. However, there are no knowledge lifecycle features: no review-due dates, no content expiry/archival scheduling, no structured approval workflows, and no knowledge-specific taxonomy beyond generic tags. Score is in the 35–55 band lower end: adequate content modeling with no lifecycle tooling.

Ghost has no intranet/employee-experience features: no employee news feed designed for internal audiences, no employee directory integration, no notifications for new content, no social reactions, no personalized dashboards, and no native mobile app for employees. Ghost is absent from all 2026 intranet platform roundups. Score at the floor of the 20–35 band.

Ghost can publish content to segmented member lists (tiers), which could theoretically be repurposed for internal communications to specific employee groups. However, there are no read receipts, no acknowledgment tracking, no mandatory-read workflows, and no audience segmentation based on organizational structure. Score just above the floor: basic publishing with tier segmentation exists, but no dedicated internal comms tooling.

Ghost has no employee directory features, no org chart visualization, no team page templates, no manager hierarchy, and no HR system integration. Staff users have public author profiles (bio, social links) but these are editorial author profiles, not an employee directory. Score at the floor.

Ghost has post versioning (history) and scheduled publishing, which provides rudimentary version control for documents. However, there are no policy-specific features: no acknowledgment tracking, no mandatory-read workflows, no automated review/expiry reminders, no approval workflow for policy updates. Score in the 10–25 floor band: basic version control exists but no policy management capability.

Ghost can structure onboarding content using tags and collections (e.g., tagging posts as 'onboarding'), and member tiers could gate role-specific onboarding content. However, there is no progressive disclosure over time, no role-specific content paths, no task checklists, and no HR-triggered new-hire portal. Score in the 10–20 floor band: content can be organized but no onboarding delivery mechanism.

Ghost has basic content search (full-text search across posts and pages) built in. There is no federated search across external systems (SharePoint, Confluence, Drive), no AI-powered relevance ranking, no faceted filtering, and no search analytics. Score in the 15–30 poor-quality-for-enterprise-volumes band.

Ghost generates responsive web output that works on mobile browsers. There is no native mobile app for content consumption, no offline support, and no push notifications for new content to employees. Ghost admin is accessible on mobile browsers but is not optimized for mobile editing. Score in the 30–50 responsive-web-only band at the lower end.

Ghost has no LMS integration, no learning content types, no course assignment features, no completion tracking, and no certification management. Learning content can be hosted as posts/pages, but tracking and delivery infrastructure is entirely absent. Score at the floor.

Ghost has a native commenting system (Chirp) that allows public or member-only comments on posts. ActivityPub integration in Ghost 6 brings fediverse replies and likes into the Ghost admin notifications. However, there are no internal discussion forums, no peer recognition features, no polls or surveys, no idea submission, and no community spaces by department/interest. Score just above the floor: commenting exists but no social layer for employee engagement.

Ghost has Zapier integration and webhooks that can trigger Slack notifications when new posts are published. There is no deep Microsoft Teams integration, no Google Workspace content embedding, no Slack bot-driven notifications with rich content cards, and no single-pane experiences with workplace tools. Score in the 15–30 basic-webhook band.

Ghost has draft/published/scheduled states and post history (version control). There are no automated review dates, no stale content flagging, no archival workflows, and no ownership assignment for content trust. Content does not expire or prompt review automatically. Score in the 10–25 band: basic publishing lifecycle exists but no archival or freshness enforcement.

Ghost 6.0 added native analytics showing page views, top content, referrers, and email engagement metrics. However, these analytics are audience-facing (tracking public readers/subscribers), not internal engagement analytics. There is no department-level content segmentation, no failed search term analytics for internal users, no adoption dashboards, and no intranet ROI metrics. Score in the 10–20 band upper end: basic analytics exist but not designed for internal measurement.

Ghost supports multi-site deployments via separate Ghost instances on one server (Ghost CLI multi-site mode), giving each publication an independent database, admin panel, and API access. However, this is separate-instance isolation, not a native multi-tenant architecture — there is no shared management layer, no cross-publication control panel, and multi-site is achieved by running multiple independent Ghost processes. GitHub issue #1484 (MultiSite) has been open since 2014 with no resolution. Score in the 30–50 no-native-isolation band.

Each Ghost installation is fully independent with no native mechanism to share content, components, or design tokens across publications. Themes can be duplicated and deployed to multiple instances, but there is no centrally managed shared component library, no cross-instance content propagation, and no federation API for content sharing. Pure duplication is required for shared global content.

There is no centralized governance layer across multiple Ghost publications. Each publication has its own admin, its own user management, and its own settings — there is no cross-publication user management, no enforced content standards, no global policy configuration, and no centralized approval workflows. Ghost Pro Enterprise provides custom staff limits but still manages each publication independently.

Ghost is MIT-licensed open source — self-hosted additional publications cost nothing in licensing (only infrastructure). This provides strong scale economics for teams running multiple Ghost instances on their own infrastructure. Ghost Pro managed hosting charges per publication, creating linear cost scaling. The open-source nature is a genuine scale advantage for self-hosted deployments, earning a score above the 40–60 linear-scaling band.

Each Ghost instance can have its own Handlebars theme with custom CSS, typography, colors, and logo — providing per-instance brand identity. Ghost 5.126.0 added per-newsletter design controls (font, button color/style, palette). However, themes are per-instance with no shared underlying component structure: there is no platform-level design token system, no enforced brand extensions from a base theme, and no shared component library that brand themes inherit from. Score in the 35–55 basic-CSS/config-per-brand band.

Ghost has no brand-locale governance distinction. For multilingual multi-brand deployments, Ghost recommends separate instances per language — there is no per-brand translation approval workflow, no shared vs. isolated translation management, and no regional legal content governance per brand. Score at the floor of the 10–25 band.

Ghost's native analytics (Ghost 6.0) are per-instance only. There is no portfolio dashboard aggregating analytics across multiple Ghost publications, no per-brand vs. aggregate comparison, no content velocity benchmarking across brands, and no publishing cadence comparison. Each Ghost instance has its own analytics silo. Score at the floor.

Each Ghost instance has its own editorial workflow (draft/review/publish) configurable independently. However, there is no workflow configuration interface — Ghost's workflow is fixed (staff roles, not configurable approval chains). There is no central audit across brands, no independently configurable review stages per brand, and no cross-brand workflow reporting. Score in the 10–25 band: independent per-instance workflows exist by virtue of separate instances, but no configurability or central visibility.

Ghost has no native content syndication between instances. ActivityPub (Ghost 6) allows followers on other Ghost instances to subscribe to your publication's feed, but this is subscription-based following, not corporate-to-brand content push with override control. Press releases, legal disclaimers, and product announcements cannot be syndicated from a corporate Ghost instance to brand instances with local adaptation. Score in the 15–30 no-content-sharing-between-brands band.

Ghost provides basic GDPR-related member data management (member deletion, data export) and integrates with cookie consent tools via code injection. However, these are instance-level settings — there are no per-brand compliance rules, no publishing guardrails that prevent non-compliant content, no data residency controls, and no automated regional legal disclaimer injection. Score just above the floor: basic compliance tools exist but no per-brand/region guardrails.

Ghost has no federated design system. Themes are per-instance with no central design system that brand extensions inherit from. There is no version control for shared theme components, no update propagation across instances, and no brand-level extension mechanism layered onto a core component library. Sharing theme updates across multiple Ghost instances requires manual re-deployment of copied theme files. Score in the 10–25 floor band.

Ghost has no cross-instance user management. Each publication manages its own staff users independently — there is no central admin console for managing users across multiple Ghost publications, no cross-brand contributor roles, and no SSO integration that spans multiple Ghost instances. Ghost Pro Enterprise offers increased staff limits but still per-publication management. Score in the 15–30 fully-isolated-user-management band.

Ghost has no shared content model system. Each Ghost instance has the same fixed content types (posts, pages) — there is no shared base model that brands can extend, no per-brand content type customization layered onto a global schema, and no forking-free brand extension mechanism. Score at the floor of the 10–25 band.

Ghost has no portfolio reporting capability. Each instance produces its own analytics (Ghost 6.0) with no aggregation across publications. There is no executive dashboard for content freshness by brand, no publishing SLA tracking, no cost allocation per tenant, and no capacity planning across a Ghost portfolio. Score at the floor.

Ghost Foundation publishes a publicly accessible DPA at ghost.org/dpa/ covering all Ghost(Pro) customers, with SCCs (EU 2021/914) as the cross-border transfer mechanism and servers based in Amsterdam. Sub-processor list is available upon request rather than publicly listed, and the DPA explicitly notes data may be stored outside the EU, so residency is not contractually guaranteed. Right-to-erasure is acknowledged via consent withdrawal; 90-day post-termination deletion is documented in the DPA.

No BAA is offered, no healthcare-specific documentation exists, and HIPAA is not mentioned anywhere in Ghost's terms, DPA, or security documentation. Ghost is a publishing/newsletter CMS not positioned for healthcare use cases.

GDPR compliance is supported via the public DPA with SCCs, which implicitly covers UK GDPR for EU-standard transfers, though no IDTA-specific annexe is documented. CCPA, PIPEDA, LGPD, FedRAMP, IRAP, C5, PCI-DSS, and HITRUST are absent from all published documentation. No industry-specific certifications found.

No SOC 2 attestation (Type 1 or Type 2) is referenced anywhere on Ghost's security, compliance, or pricing pages. Ghost Foundation is a non-profit and has not pursued third-party security audits that would produce a SOC 2 report. No report availability mechanism exists.

No ISO 27001 or ISO 27018 certification is referenced in any Ghost documentation. The security documentation covers application-level controls (rate limiting, 2FA, bcrypt hashing) but does not reference an ISMS or cloud PII certification.

No meaningful security certifications found: no CSA STAR, PCI DSS, Cyber Essentials, FedRAMP, or IRAP. Ghost's about page displays 'Non-Profit Foundation', 'Open Source', and 'Carbon Neutral' (Stripe Climate) badges, which are not security certifications. Base score with nothing additional.

Ghost(Pro) infrastructure is hosted in Amsterdam (EU) by default, which is publicly stated. However, the DPA explicitly notes data 'may be stored and processed in data centers both within and outside the European Union', meaning EU-only residency is not contractually guaranteed. No choice of US or APAC hosting regions is offered to customers. Self-hosted users control their own residency.

Ghost provides self-service export of all content (JSON), members (CSV), themes (ZIP), and analytics (CSV) directly from Ghost Admin without requiring support tickets. The DPA specifies data deletion within 90 business days of service deactivation. Individual right-to-erasure mechanism is limited to consent withdrawal; no self-service subject-erasure portal is documented.

No audit logging capability is documented in Ghost's security or help documentation. Ghost Admin provides activity visible to admins through normal UI interactions, but no formal audit log with export, configurable retention, or SIEM integration is available. Compliance reporting is not mentioned.

No formal WCAG 2.1 AA conformance statement for the Ghost Admin authoring interface has been published. Ghost is open-source and community accessibility contributions exist (GitHub issues referencing a11y), but no official commitment to WCAG 2.1 AA for Ghost Admin or ATAG 2.0 conformance is documented. The recent native share buttons update (ghost.org/changelog/native-share-buttons/) is a reader-facing UX feature and has no bearing on authoring-UI accessibility.

No VPAT, ACR, or Section 508 conformance statement is published for Ghost or Ghost Admin. There is no dedicated accessibility page on ghost.org. No formal procurement-ready accessibility documentation exists.

Ghost's Koenig editor (React + Lexical) has no native AI writing assistant, generative text, or brand voice controls as of April 2026. All AI content creation flows through external tools (Jasper, AirOps, Junia) that use the Admin API to publish, not a plugin wired into the editor. The recent native share buttons changelog (ghost.org/changelog/native-share-buttons/) is a non-AI UX addition and does not move this item. Scores at the floor.

Ghost has no native AI image generation, auto alt-text, or AI-assisted media processing. The platform handles basic image uploads with manual alt text fields. No DAM or AI crop/focal point features exist. The April 2026 native share buttons update does not affect media AI. Scores at the floor for 'no native media AI.'

Ghost has extremely limited localization support — no built-in multi-locale content model and no native MT or AI translation workflow. Internationalization requires custom theme work or external services. The share buttons update has no i18n/MT impact. Scores below the typical 20-point floor given the near-total absence of i18n infrastructure.

Ghost has solid manual SEO foundations: per-post meta title/description fields, OG tags, auto-generated XML sitemaps, and canonical tags. However, all metadata is editor-entered — no AI automation, bulk generation, or on-page SEO scoring is built in. The recent native share buttons update adds native social share UI (pre-populating social drafts with post titles and links) but no AI-generated metadata. Third-party tools like SEOmatic connect via API for programmatic SEO at scale, but this is not native.

Ghost supports configurable outgoing webhooks and a comprehensive Admin API, enabling custom automation pipelines (e.g., n8n workflows for image SEO auditing). However, there is no native AI-powered tagging, smart scheduling, duplicate detection, or content routing built into the platform itself. The native share buttons update is presentation-layer, not AI ops. Automation potential exists via integration, not native AI ops.

Ghost has no named agent products, no natural language task execution layer, and no agentic workflow platform. Community MCP servers enable AI agents to control Ghost externally, but that is protocol availability (10.4.1), not Ghost shipping an agent product. The April 2026 share buttons update is a UI feature, not agentic. Scores near the floor for no agentic support.

Ghost provides basic built-in analytics covering page views, member growth, email open rates, and newsletter clicks. There is no AI content gap analysis, topic clustering, content health scoring, SEO gap identification, or editorial priority recommendations. The new share buttons may surface social-share engagement but without AI insights. Analytics are descriptive, not prescriptive.

Ghost has no native AI content audit capabilities — no quality scoring, brand voice compliance checking, accessibility scanning, or duplicate content detection. External automation (e.g., n8n + Google Sheets for image auditing) exists but is not a Ghost feature. The share buttons update is unrelated to auditing. Scores at the floor.

Ghost has no native search functionality of any kind — not even keyword search is built into the platform. Site search requires full external integration (Algolia, Meilisearch, etc.). The Content API returns clean structured JSON suitable for RAG pipelines, but Ghost provides no embedding generation, vector indexing, or semantic search features. The share buttons update is unrelated. Scores just above the absolute floor because the API makes external integration tractable.

Ghost has member tiers (free/paid) enabling basic gating of content by subscription level, but this is rule-based access control, not AI/ML personalization. There is no audience scoring, predictive segment assignment, next-best-content recommendation, or ML-driven personalization engine. Ghost's membership model is subscription-first, not recommendation-first. The share buttons update does not introduce personalization.

Ghost has a well-supported community MCP ecosystem with at least four separate implementations. The leading one — MFYDev/ghost-mcp — is a TypeScript npm package (v0.6.1+), rewritten from Python for reliability, uses the official @tryghost/admin-api client, and supports full read/write/publish/member management operations via MCP. No official Ghost-published MCP server exists, which caps the score below 70.

Ghost has no BYOK or BYOM capability in its admin panel — there is no AI provider settings page, no API key input for OpenAI/Anthropic/etc., and no model selection for any native AI feature. Since Ghost has no native AI features, BYOK is structurally moot. Custom API integrations can be built by developers using Ghost's API, but that is not platform-level BYOK.

Ghost's Content API and Admin API are clean, well-documented REST interfaces. The official @tryghost/admin-api TypeScript client provides a typed SDK, and webhooks support event-driven automation. The Content API returns structured JSON (posts, tags, authors) well-suited for LLM context injection and RAG pipelines. The fact that 4+ community MCP servers were independently built on Ghost's API demonstrates strong developer ergonomics. No dedicated AI SDK, agent integration guide, or LangChain/LlamaIndex compatibility documentation exists from Ghost.

Ghost has no native AI governance infrastructure — no AI audit trails, no prompt template governance, no brand safety controls on AI output, and no human-in-the-loop review gates for AI-generated content. Since Ghost has no native AI features, governance is structurally absent rather than a deliberate gap. The platform's standard post draft/review workflow provides a weak proxy for human review.

Ghost provides no AI usage dashboards, AI credit/cost tracking, model performance metrics, or prompt analytics. The platform's analytics cover member growth, email engagement, and page views — none of which are AI-specific. With no native AI features shipping, AI observability is moot for the base platform.