# Ghost

> Open-source publishing platform. Nonprofit-operated. No revenue cut. Self-host or use managed hosting.

**Source:** https://fieldwork.news/tools/ghost
**Official site:** https://ghost.org
**Category:** publishing

## Security rating

- **Rating:** strong
- **Rating note (required when citing):** Open-source with active security response. Nonprofit structure eliminates data monetization incentives. Passwords use bcrypt with salting per OWASP standards. No raw SQL — uses Bookshelf ORM and Knex query builder exclusively. Ghost-CLI runs without root privileges and auto-configures SSL via Let's Encrypt. Login attempts rate-limited to 5/hour/IP. Device verification on new staff logins. Optional email-based 2FA (though CVE-2026-22594 showed a bypass, now patched). Responsible disclosure program at security@ghost.org with defined response timelines (critical fixes within one month). Continuous dependency scanning via GitHub and yarn audit. Several CVEs in 2024–2026 (XSS, SSRF, auth bypass) were all patched promptly. Self-hosting option gives full infrastructure control. No compliance certifications (SOC 2, ISO 27001) claimed by Ghost Foundation directly, though third-party Ghost hosting providers like Elestio hold them.
- **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending
- **Last reviewed:** 2026-04-02
- **Last agent-verified:** 2026-04-02

> AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment.

## Who it is for

Independent journalists and publications that want full ownership of their content, audience, and revenue. Newsrooms that need a modern CMS with built-in subscriptions, newsletters, and native analytics — without giving up a cut to a platform.

## Editorial take

Ghost is what Substack would be if it were open-source, nonprofit-operated, and took zero revenue cut. Publishers on Ghost have collectively earned over $100M in subscription revenue. Ghost's own ARR hit $10.4M in 2024 on roughly 20,000 customers — all reinvested into the product because there are no shareholders. Version 6.0 (August 2025) added native ActivityPub federation, first-party analytics, and 60+ language support. The ActivityPub integration connects publications to Mastodon, Threads, Bluesky (via Bridgy Fed), Flipboard, and WordPress — organic reach without algorithmic suppression. The tradeoff is real: Ghost has no built-in discovery network like Substack's recommendation engine. You build your own audience. That's a feature if you value independence, a limitation if you need network effects. Compared to Beehiiv ($49/month to unlock paid subscriptions), Ghost's Publisher plan at $29/month is cheaper and takes no revenue cut. Compared to WordPress, Ghost is far more opinionated — fewer plugins, less flexibility, but dramatically less maintenance. The nonprofit structure matters: Ghost Foundation is a Company Limited by Guarantee incorporated in Singapore, with a constitution defining charitable objectives. No acquisition risk, no pivot to ads, no enshittification incentive.

## Best for / not for

**Best for:** Publications that want full content and revenue ownership. Journalists migrating off Substack who want 100% of subscription revenue. Newsrooms that need a modern CMS with newsletters, memberships, and analytics in one package. Publications that want to federate with the open social web via ActivityPub.

**Not for:** Writers who rely on platform-driven audience discovery. Solo journalists who want zero infrastructure responsibility and no monthly hosting cost. Publications that need Substack's recommendation network for growth. Anyone uncomfortable with light DevOps if self-hosting.

## Pricing

- **Pricing:** Self-hosted: free (you pay for server and email delivery). Ghost(Pro) managed hosting: Starter $15/month (annual) or $18/month (monthly), Publisher $29/$35, Business $199/$239. All plans include 1,000-member base. No per-email charges on Ghost(Pro). 14-day free trial on all plans. Zero platform commission on paid subscriptions — you pay only Stripe processing fees.
- **Free option:** yes

## Security & privacy details

- **Encryption in transit:** yes
- **Encryption at rest:** partial
- **Data jurisdiction:** Self-hosted: wherever you host it — full control. Ghost(Pro): servers in the US and EU, operated by Ghost Foundation. Data Processing Agreement available for GDPR compliance.

**Privacy policy TL;DR:** Self-hosted Ghost is open-source and runs on your server; the one thing it reports back to Ghost Foundation by default is the periodic update check (version and basic install details), which self-hosters can switch off in the config file with `privacy.useUpdateCheck: false`. The same `privacy` block has `useGravatar: false`, which stops staff profile images being fetched from Gravatar by email hash. Ghost(Pro): Ghost Foundation stores account and billing data. Member/subscriber data is controlled by the publication owner, not Ghost. No data selling, no advertising, no tracking pixels. Ghost Foundation is a nonprofit with no incentive to monetize user data. Ghost 6.0's native analytics are first-party and privacy-first: no cookies, no external trackers, no third-party scripts on the reader's page. Built on open-source ClickHouse via the Tinybird partnership.

**Practical mitigations (operational guidance, not optional):**

- Self-host for maximum data control: you own the database, the server, and the backups.
- Use a custom domain from day one; it stays portable if you switch hosts.
- Export content and the member list regularly through Ghost's built-in export tools, and if self-hosting keep an off-host copy of the database and the content directory as well.
- If using Ghost(Pro), understand that Ghost Foundation operates the infrastructure but you own the data and can export it at any time.
- Treat every staff account as attack surface: keep device verification on, enable the optional email-based 2FA for all staff, and hand out Contributor and Author roles only to people you would trust with the whole site (CVE-2024-23724 turned a Contributor's profile-picture upload into an Owner takeover).
- Keep Ghost updated. The CVEs listed under Known issues were fixed in point releases, so an unpatched self-hosted install stays exposed to bugs that Ghost(Pro) customers had fixed for them; `ghost update` via Ghost-CLI is the upgrade path for self-hosters.
- For self-hosted installs: use Ghost-CLI for automatic SSL via Let's Encrypt, never run as root, keep Ghost bound to localhost behind the nginx reverse proxy Ghost-CLI configures, and restrict outbound connections from the Ghost host (deny the cloud metadata address and private ranges at least) so that an oEmbed-style SSRF cannot reach internal services.

## Ownership & business

- **Owner:** Ghost Foundation (nonprofit, Company Limited by Guarantee, incorporated in Singapore)
- **Funding model:** Nonprofit foundation. Originally crowdfunded on Kickstarter (2013). Entirely self-sustaining through Ghost(Pro) hosting revenue — no external donations, grants, or VC funding. ARR reached $10.4M in 2024, up from $6.3M in 2023. Over $8.5M ARR reported as of August 2025. ~35 full-time employees. 100% of revenue reinvested into product development and community infrastructure.
- **Business model:** Open-source software, free to self-host. Revenue from Ghost(Pro) managed hosting subscriptions. Zero commission on member subscriptions (Substack takes 10%). Ghost Foundation reinvests all revenue into development. No shareholders, no investors, no exit incentive. Publishers on Ghost have collectively earned over $100M in subscription revenue.
- **Open source:** yes

**Known issues:**

- CVE-2024-23724: Stored XSS via unsanitized SVG uploads in profile pictures, allowing low-privileged Contributors to take over Owner accounts. Patched.
- CVE-2024-43409: Improper authentication on member action endpoints in versions 4.46.0–5.89.5, enabling unauthorized access to member data. Patched.
- CVE-2025-9862: SSRF via oEmbed in versions 5.99.0–5.130.3 and 6.0.0–6.0.8 from improper URL validation. Patched.
- CVE-2026-22594: 2FA bypass in versions 5.105.0–5.130.5 and 6.0.0–6.10.3 allowed staff users to circumvent email-based 2FA. Patched.
- ActivityPub federation on self-hosted installs is rough: webhook secret errors, JWT auth failures, reverse proxy misconfigurations, and no ARM64 Docker images for the ActivityPub and Traffic Analyzer services.
- Ghost(Pro) ActivityPub has a 100-interaction-per-day limit.
- ActivityPub discovery on the front end is minimal: there is no obvious way for visitors to find or subscribe to a publication via federation.
- Ghost's Node.js-specific stack (Node 22, MySQL 8, Ubuntu 24 for production) limits hosting flexibility compared to WordPress's PHP ubiquity.
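The SVG issue above (CVE-2024-23724) is a class of bug rather than a one-off: any upload path that stores attacker-controlled SVG and later serves or inlines it needs a check before the file is accepted. What follows is an added example written for this page, not Ghost's own code or its fix. It is a conservative reject-list check over the raw SVG text that catches script-capable elements, event-handler attributes (including the `<rect/onload=` form), entity-encoded or whitespace-padded `javascript:` URLs, references to external resources, and DTD declarations. The sample documents at the bottom are constructed for the example.

```javascript
'use strict';

// Added example (not Ghost's own code): conservative reject-list check for an
// uploaded SVG. Returns { safe, findings } so an upload handler can refuse the
// file and tell the user why.

// Elements that can run script, embed HTML, or rewrite attributes at runtime.
const DANGEROUS_ELEMENTS = /<\s*(script|foreignObject|iframe|embed|object|animate|set)\b/i;
// Any on*= attribute (onload, onclick, onmouseover, ...). The leading class also
// catches "<rect/onload=" where a slash stands in for whitespace.
const EVENT_HANDLER_ATTR = /[\s/"']on[a-z]+\s*=/i;
// href and xlink:href values, quoted or bare.
const URL_ATTR = /\b(xlink:href|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
const DANGEROUS_SCHEME = /^(javascript|vbscript|data):/i;
const DTD = /<!(DOCTYPE|ENTITY)\b/i;

// Decode numeric and named character references so that "&#106;avascript:" is
// inspected as "javascript:". Out-of-range code points decode to nothing.
function decodeEntities(s) {
  const fromCodePoint = (n) => (n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '');
  const named = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&' };
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => fromCodePoint(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => fromCodePoint(parseInt(dec, 10)))
    .replace(/&(lt|gt|quot|apos|amp);/gi, (_, name) => named[name.toLowerCase()]);
}

function checkSvg(svgText) {
  const findings = [];
  const text = decodeEntities(String(svgText));

  if (!/<\s*svg\b/i.test(text)) findings.push('no <svg> root element');
  if (DTD.test(text)) findings.push('DOCTYPE or ENTITY declaration (entity expansion / XXE risk in XML parsers)');
  const element = text.match(DANGEROUS_ELEMENTS);
  if (element) findings.push(`dangerous element <${element[1]}>`);
  if (EVENT_HANDLER_ATTR.test(text)) findings.push('event handler attribute (on*=)');

  for (const m of text.matchAll(URL_ATTR)) {
    const raw = m[2] ?? m[3] ?? m[4] ?? '';
    // Browsers skip ASCII control characters and whitespace inside a scheme,
    // so "java\tscript:" must be normalised before the scheme is inspected.
    const value = raw.replace(/[\x00-\x20]/g, '');
    if (DANGEROUS_SCHEME.test(value)) {
      findings.push(`${m[1]} uses a ${value.split(':')[0].toLowerCase()}: URL`);
    } else if (/^(https?:)?\/\//i.test(value)) {
      findings.push(`${m[1]} references an external resource (${value})`);
    }
  }
  return { safe: findings.length === 0, findings };
}

// Constructed samples for this example; not real uploads.
const SAMPLES = {
  benign: '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#09f"/></svg>',
  onload: '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect width="1" height="1"/></svg>',
  slashOnload: '<svg xmlns="http://www.w3.org/2000/svg"><rect/onload="alert(1)" width="1" height="1"/></svg>',
  entityHref: '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="&#106;ava&#x73;cript:alert(1)"><text y="8">hi</text></a></svg>',
  tabScheme: '<svg xmlns="http://www.w3.org/2000/svg"><a href="java\tscript:alert(1)"><text y="8">hi</text></a></svg>',
  script: '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
  remoteImage: '<svg xmlns="http://www.w3.org/2000/svg"><image href="https://tracker.invalid/p.png" width="1" height="1"/></svg>',
};

for (const [name, svg] of Object.entries(SAMPLES)) {
  const result = checkSvg(svg);
  console.log(`${name.padEnd(12)} ${result.safe ? 'ACCEPT' : 'REJECT'} ${result.findings.join('; ')}`);
}
```

The check is deliberately conservative: a `<text>` element whose content is the literal string `&lt;script&gt;` is rejected too, which is the right trade for a profile-picture upload. It is a gate, not a sanitizer; the rest of the defence is serving uploads with `Content-Disposition: attachment` or from a separate origin so that a file which slips through is never rendered as a document on the admin origin.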
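The oEmbed SSRF above (CVE-2025-9862) has the same shape as most server-side fetch bugs: a URL that came from a user is handed to an HTTP client without checking where it points. What follows is an added example written for this page, not Ghost's code or its patch. It shows the pre-fetch check a practitioner would want, with IPv4, IPv6 and embedded-IPv4 literal handling, and a hook for caller-supplied DNS results so that a hostname can be rejected on what it resolves to. The URLs at the bottom are constructed; the `:2368` port is Ghost's default listen port.

```javascript
'use strict';

// Added example (not Ghost's own code): validate a user-supplied URL before a
// server-side fetch such as an oEmbed lookup. Address literals are classified
// here; hostnames must be resolved by the caller (dns.lookup with all: true),
// the resulting addresses passed in, and the connection pinned to an address
// that passed, so DNS rebinding between check and connect is closed.

function parseIPv4(host) {
  const parts = host.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o <= 255) ? octets : null;
}

// "this network" 0/8, RFC 1918, loopback, link-local (which includes the
// 169.254.169.254 cloud metadata address), CGNAT 100.64/10, multicast and
// reserved 224/3.
function isPrivateIPv4([a, b]) {
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127) || a >= 224;
}

// Expand an IPv6 literal to eight 16-bit groups, or null if malformed.
function parseIPv6(host) {
  const halves = host.split('::');
  if (halves.length > 2) return null;
  const toGroups = (s) => {
    if (s === '') return [];
    const toks = s.split(':');
    const last = toks[toks.length - 1];
    if (last.includes('.')) { // embedded IPv4, e.g. ::ffff:127.0.0.1
      const v4 = parseIPv4(last);
      if (!v4) return null;
      toks.splice(-1, 1, ((v4[0] << 8) | v4[1]).toString(16), ((v4[2] << 8) | v4[3]).toString(16));
    }
    const nums = toks.map((t) => (/^[0-9a-f]{1,4}$/i.test(t) ? parseInt(t, 16) : NaN));
    return nums.some(Number.isNaN) ? null : nums;
  };
  const head = toGroups(halves[0]);
  const tail = halves.length === 2 ? toGroups(halves[1]) : [];
  if (!head || !tail) return null;
  const fill = 8 - head.length - tail.length;
  if (halves.length === 2 ? fill < 1 : fill !== 0) return null;
  return [...head, ...new Array(fill).fill(0), ...tail];
}

const embeddedIPv4 = (g) => [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff];

function isPrivateIPv6(g) {
  // ::, ::1, IPv4-mapped ::ffff:a.b.c.d and deprecated IPv4-compatible ::a.b.c.d
  if (g.slice(0, 5).every((x) => x === 0) && (g[5] === 0xffff || g[5] === 0)) {
    return isPrivateIPv4(embeddedIPv4(g));
  }
  // NAT64 well-known prefix 64:ff9b::/96 carries an IPv4 address in the low bits
  if (g[0] === 0x64 && g[1] === 0xff9b && g.slice(2, 6).every((x) => x === 0)) {
    return isPrivateIPv4(embeddedIPv4(g));
  }
  // link-local fe80::/10, unique-local fc00::/7, multicast ff00::/8
  return (g[0] & 0xffc0) === 0xfe80 || (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xff00) === 0xff00;
}

// 'private' | 'public' for address literals, 'name' for anything else.
function classifyAddress(host) {
  const h = host.replace(/^\[|\]$/g, '').toLowerCase();
  const v4 = parseIPv4(h);
  if (v4) return isPrivateIPv4(v4) ? 'private' : 'public';
  const v6 = parseIPv6(h.split('%')[0]); // drop a zone id such as fe80::1%eth0
  if (v6) return isPrivateIPv6(v6) ? 'private' : 'public';
  return 'name';
}

function validateOutboundUrl(input, resolvedAddresses = []) {
  let url;
  try { url = new URL(String(input)); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  // WHATWG parsing has already turned 2130706433, 0x7f.1 and 127.1 into 127.0.0.1.
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost')) return { ok: false, reason: 'localhost' };
  if (classifyAddress(host) === 'private') return { ok: false, reason: `${host} is not publicly routable` };
  for (const addr of resolvedAddresses) {
    if (classifyAddress(addr) !== 'public') return { ok: false, reason: `${host} resolves to non-public ${addr}` };
  }
  return { ok: true, href: url.href, host };
}

// Constructed inputs for this example.
for (const candidate of ['https://example.com/post/', 'http://127.0.0.1:2368/ghost/', 'http://2130706433/',
  'http://[::ffff:127.0.0.1]/', 'http://169.254.169.254/latest/meta-data/', 'file:///etc/passwd']) {
  console.log(candidate.padEnd(44), JSON.stringify(validateOutboundUrl(candidate)));
}
```

Two caveats the comments spell out: resolve the hostname yourself and connect to an address that passed (otherwise a rebinding DNS record defeats the check), and re-run the check on every redirect hop, because a public host can 302 to 169.254.169.254. Network egress filtering on the Ghost host is the backstop for the day the application-level check is wrong.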

---
Canonical HTML: https://fieldwork.news/tools/ghost
Full dataset: https://fieldwork.news/llms-full.txt
Methodology: https://fieldwork.news/methodology