Ghost
Ghost is an open-source publishing platform for creating websites, newsletters, and paid memberships. Run as a non-profit foundation, it offers both a managed hosting service (Ghost Pro) and free self-hosting, positioning itself as a creator-owned alternative to Substack and WordPress.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
Ghost launches as an idealistic open-source WordPress alternative, funded by a successful Kickstarter campaign and structured as a non-profit foundation. The initial product is minimal -- a Markdown editor with a clean UI -- but the non-profit legal structure, MIT license, and zero-commission model establish strong anti-enshittification foundations from day one.
Ghost matures from scrappy Kickstarter project to sustainable non-profit with $750K ARR. Ghost(Pro) managed hosting provides the sole revenue stream. Ghost 1.0 ships the Koenig block editor, and the foundation reincorporates in Singapore. The team grows slowly but governance remains a two-person board. The platform is limited -- no memberships, no newsletters, no plugin system -- but the open-source core and export tools keep lock-in minimal.
Ghost 2.0 and 3.0 transform the platform from a simple blogging tool into a full membership and subscription platform with headless CMS capabilities. The 0% commission Stripe integration differentiates Ghost from Substack's 10% take rate. Ghost reaches $1.73M ARR and $5M cumulative revenue. The intentional lack of a plugin system frustrates developers wanting extensibility, and the two-person governance model remains unchanged.
Ghost 4.0 and 5.0 solidify the platform as a serious Substack competitor with native newsletters, premium membership tiers, and multiple newsletter support. The SaltStack crypto-mining incident (May 2020) exposes infrastructure vulnerabilities, and a critical newsletter authentication bypass (CVE-2022-41654, CVSS 9.6) raises security concerns. Revenue grows to over $6M. Ghost's deliberate refusal to build a plugin system and concentrated governance become more visible friction points.
Ghost 6.0 integrates ActivityPub federation, making publications first-class fediverse entities. Ghost becomes a founding sponsor of the Social Web Foundation. However, the July 2025 Ghost(Pro) pricing restructure strips paid subscription capabilities from the Starter plan and pushes monetization features to the $29/mo Publisher tier, drawing user criticism. O'Nolan publishes a governance roadmap acknowledging the two-founder board needs external trustees. Revenue reaches $10.4M with 20K+ customers.
Alternatives
A simple, fast website builder for one-page sites. Not a full publishing platform but a viable alternative for creators who need a lightweight web presence without newsletters or memberships. Very easy switch at $9-49/year.
The most popular newsletter platform with built-in audience discovery and network effects. Easy switch — just sign up and start writing. The catch: Substack takes a 10% cut of paid subscription revenue (vs Ghost's 0%), you don't own your website or have full design control, and SEO capabilities are limited.
The dominant open-source CMS with a massive plugin ecosystem and far more customization options than Ghost. Easy to moderate switch depending on complexity — WordPress.com offers managed hosting, or self-host for free. The tradeoff is significantly more complexity, maintenance burden, and a less focused publishing experience.
In the News
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Dimension History
Timeline (32 events)
John O'Nolan Publishes Ghost Concept Post
Former WordPress UI team deputy lead John O'Nolan publishes 'WordPress is Overkill,' a blog post laying out the vision for a simpler, writing-focused publishing platform. The post generates significant community interest and leads to a prototype developed with Hannah Wolfe.
Ghost Kickstarter Campaign Raises 800% of Goal
Ghost launches on Kickstarter with a £25,000 goal. The campaign is fully funded in 11 hours and ultimately raises £196,362 from 5,236 backers over 29 days. Notable backers include Seth Godin, Leo Babauta, Darren Rowse, and companies like Microsoft and Envato.
Ghost 0.3 'Kerouac' Alpha Released to Backers
Ghost releases its first public alpha, version 0.3 codenamed Kerouac (after Jack Kerouac's continuous-writing method), to Kickstarter backers. It includes a full Markdown editor, post management, and the Casper default theme. The general public release follows on October 14, 2013.
Ghost Foundation Established as Non-Profit
Ghost is structured as a non-profit foundation with no shareholders, no investors, and no owners. The legal constitution ensures the company can never be bought or sold, with 100% of revenue reinvested into the product. John O'Nolan and Hannah Wolfe serve as the two-person board of trustees.
Ghost(Pro) Managed Hosting Service Launches
Ghost launches its managed hosting platform, Ghost(Pro), providing a paid alternative to self-hosting. This establishes Ghost's sole revenue model: hosting fees rather than platform commissions on creator revenue. The service launches with conservative plan limits while benchmarking infrastructure.
Ghost Opens Public Revenue Dashboard on Baremetrics
Ghost announces a focus on radical financial transparency by opening a real-time, streaming Baremetrics dashboard showing all key revenue metrics publicly. At the time, Ghost's ARR is approximately $411,000. The company achieves 8 straight months of profitability.
Ghost Foundation Reincorporates in Singapore
Ghost Foundation moves its legal incorporation from the UK to Singapore, maintaining the exact same non-profit Company Limited by Guarantee structure. The move is driven by Singapore's Stripe support, non-EU jurisdiction, and simple non-resident incorporation. The fully distributed team model continues unchanged.
Ghost Reaches $600K Annual Revenue at Third Anniversary
At its third birthday, Ghost reports $600,000 in annual revenue with healthy, sustainable, and profitable growth. The entire growth has been achieved through word of mouth with zero marketing spend, demonstrating organic adoption of the open-source platform.
Ghost 1.0 Released with Koenig Block Editor
Ghost reaches its 100th release with version 1.0, featuring the new Koenig block-based editor built on MobileDoc. The release includes 2,600+ commits and introduces the new Casper 2.0 theme, dark mode, and custom redirects. The editor supports both Markdown and rich media blocks.
Ghost 2.0 Adds Custom Routing and Multi-Language Support
Ghost 2.0 ships with the Koenig editor as default (replacing Markdown), custom site routing, content collections, and multi-language support covering 50+ languages. The rigid single-stream blog structure is removed in favor of flexible site architectures.
Ghost Launches Headless CMS and Content API
Ghost officially supports use as a headless CMS with JAMstack architectures, enabling developers to use Ghost purely as a content backend with custom front-ends built in Gatsby, Next.js, or other frameworks. The public Content API and Admin API enable full programmatic content management.
Ghost 3.0 Introduces Native Memberships and Subscriptions
Ghost 3.0 launches with built-in memberships, paid subscriptions via Stripe integration, and API-driven site architectures. Ghost takes 0% commission on creator revenue, contrasting with Substack's 10% take rate. At this point, Ghost has generated $5 million in cumulative revenue with $1.73M ARR.
TechCrunch Covers Ghost 3.0 Membership Launch
TechCrunch reports on Ghost 3.0's open-source subscription and membership capabilities, positioning Ghost as a direct alternative to Substack for independent publishers who want to own their platform and avoid platform commissions on subscriber revenue.
Ghost Pro Servers Compromised by SaltStack Crypto-Mining Attack
Attackers exploit critical SaltStack vulnerabilities (CVE-2020-11651, CVE-2020-11652, CVSS 10.0) to compromise Ghost(Pro) infrastructure and install cryptocurrency mining malware. All Ghost(Pro) sites and billing services are affected. The attack is detected within hours via CPU spike alerts and resolved within four hours. No customer data, passwords, or financial information is compromised.
Ghost Publishes SaltStack Incident Report
Ghost publishes a detailed incident report confirming no customer data breach. The company revokes all internal keys, sessions, credentials, and certificates, and requires all Ghost(Pro) users to reset passwords. Ghost adds additional firewalls to prevent recurrence.
Ghost 4.0 Ships Native Newsletters and Dashboard
Ghost 4.0 releases after 18 months of development with 20,000+ commits. Email newsletters are now natively built into Ghost's core. The release includes a new performance dashboard, memberships moved out of beta into stable, a theme store with one-click installs, and dark mode.
Ghost 5.0 Adds Premium Tiers and Multiple Newsletters
Ghost 5.0 ships on the platform's 9th anniversary, adding custom premium tiers with monthly and yearly billing, multiple newsletters with independent branding and subscriber lists, special promotional offers, audience segmentation, and 12 new editor card types. The dashboard is overhauled with revenue, engagement, and native email analytics.
Ghost Launches Native Comments System
Ghost introduces native comments (the second most requested feature ever, after search) in version 5.8.0. Comments are member-only by default, preventing spam. Staff can moderate inline, and members can report problematic comments. The feature was built in 5 days at a team retreat.
Critical Newsletter Authentication Bypass Discovered
CVE-2022-41654 (CVSS 9.6) is disclosed, revealing that non-administrative users can modify or create newsletters via an exposed API endpoint, potentially sending arbitrary content to all subscribers. The vulnerability affects Ghost 4.46.0-4.48.8 and 5.0.0-5.22.7. A patch is released on November 28, 2022.
Path Traversal Vulnerability Allows Unauthenticated File Reads
CVE-2023-32235 (CVSS 7.5) reveals that Ghost versions before 5.42.1 allow unauthenticated attackers to read arbitrary files within the active theme's folder via directory traversal in the /assets/built/ endpoint. Configuration files and environment variables could be exposed.
Symlink Exploit Enables Arbitrary Host File Reads
CVE-2023-40028 is disclosed, showing that authenticated users can upload symlink files to Ghost CMS versions before 5.59.1, allowing them to read arbitrary files on the host operating system, including configuration files and credentials.
Ghost Launches Cross-Platform Recommendations Feature
Ghost ships a native Recommendations feature built on the open Webmentions standard, allowing publishers to recommend other sites regardless of platform. The feature tracks referral clicks and subscriptions bidirectionally, encouraging organic cross-promotion without walled gardens or vendor lock-in.
Ghost Partners with Tiny News Collective for Local Journalism
Ghost partners with the Tiny News Collective, with support from the Google News Initiative, upgrading all TNC publisher members to Ghost(Pro) Creator plans at no cost. The partnership provides small, independent local news organizations with professional publishing infrastructure, technical support, and resources to build sustainable audience businesses.
Ghost Dismisses Stored XSS Vulnerability as Invalid
Rhino Security Labs discloses CVE-2024-23724, a stored XSS vulnerability allowing privilege escalation to owner via malicious SVG profile pictures. Ghost initially dismisses it, stating 'all staff users are expected to be trusted.' Rhino submits a fix via pull request using DOMPurify. Ghost later merges the PR.
Ghost Confirms ActivityPub Federation Plans for 2024
Ghost officially announces plans to integrate ActivityPub and join the fediverse, enabling Ghost publications to interact with Mastodon, Threads, Flipboard, WordPress, and other federated platforms. The announcement positions Ghost as a pioneer in connecting independent publishing to the open social web.
Ghost Funds Fedify for ActivityPub Development
Ghost approaches Hong Minhee, creator of the Fedify framework (a specialized ActivityPub development toolkit), to fund the project and implement features needed for Ghost's ActivityPub service. Ghost builds its multi-tenant ActivityPub server on top of Fedify, investing directly in open-source fediverse infrastructure.
Ghost Joins as Founding Sponsor of Social Web Foundation
The Social Web Foundation launches with Ghost as a founding sponsor alongside Mastodon, Meta, Automattic, and Flipboard. The non-profit, led by Evan Prodromou and Mallory Knodel, aims to foster a growing, healthy, financially viable, and multi-polar fediverse. Ghost's sponsorship reflects its commitment to decentralized, open social infrastructure.
O'Nolan Publishes Governance Roadmap Amid WordPress Drama
In response to the WordPress/WP Engine governance crisis, John O'Nolan publishes 'Democratising Publishing,' outlining Ghost Foundation's governance structure and acknowledging that the two-founder board needs to expand. He commits to adding external trustees as Ghost approaches its 50-person headcount cap, arguing that community governance is essential.
Ghost Connects to Fediverse in Public Beta
Ghost opens ActivityPub integration as a public beta for all Ghost(Pro) users. Publications become followable fediverse profiles (@you@yourdomain.com), able to receive likes, replies, and follows from Mastodon, Threads, WordPress, and other ActivityPub-compatible platforms. Self-hosted ActivityPub support follows via open-source Docker tooling.
Ghost Pro Pricing Restructure Strips Starter Plan Features
Ghost restructures Ghost(Pro) pricing: Starter plan moves from $9/mo to $15/mo but loses paid subscription capabilities and is locked to one theme and one staff user. The Creator plan is renamed Publisher at $29/mo. Existing users are grandfathered. Users describe the change as 'a big step back' for entry-level creators.
Ghost 6.0 Launches with ActivityPub and Native Analytics
Ghost 6.0 ships as the platform's most significant release, integrating ActivityPub federation (connecting publications to Mastodon, Threads, Flipboard, Bluesky, and WordPress) and a native cookie-free analytics suite built on open-source ClickHouse. Publications become first-class social web entities with short-form Notes alongside long-form posts.
TechCrunch Covers Ghost 6.0 Open Social Web Launch
TechCrunch reports on Ghost 6.0 connecting to the open social web, positioning it as 'Substack rival Ghost connects to the open social web.' The coverage highlights Ghost's unique non-profit structure and ActivityPub as a differentiator from walled-garden newsletter platforms.