Most of the CMS news you've read this year was about security patches. Plugin conflicts. The next critical update you have to install before some bot finds the door. While that cycle continued, the platform we run MigrateDash sites on shipped a quiet but significant release — and several of the changes are things WordPress users have been asking about for years.
Drag-to-reorder, finally
Anyone who has tried to reorder a long FAQ list, a team grid, or a homepage carousel in WordPress knows the drill: open the row, copy the shortcode, scroll to the right place, paste, save, refresh, hope. The new repeater block in our CMS lets editors drag any item up or down with the mouse — and the change saves without leaving the page. It's the kind of feature that should have shipped a decade ago. Now it's just there.
Single sign-on, out of the box
Your /wp-admin login page is a permanent target. Every WordPress site on the internet gets brute-forced thousands of times per day, and security plugins exist almost entirely to slow that traffic down. The new release adds pluggable authentication that supports Google, GitHub, and the AT Protocol natively — meaning your team logs in with whatever SSO they already use, and the public username/password form goes away. No plugin, no rate-limit fiddling, no daily log of failed attempts.
Security hardening you don't have to install
This release also closed several classes of issue WordPress site owners typically pay separate plugins to handle: rate limits on the signup endpoint, DNS-rebinding protection, opaque pagination cursors that can't be guessed or replayed, and reverse-proxy header trust that doesn't get fooled by spoofed requests. WordPress disclosed multiple CVEs in core this past month and many more across popular plugins. Our CMS shipped these protections as part of the platform, on the same release.
AI tools that work on your site, not just on it
The most interesting addition is technically subtle: site settings are now exposed to AI assistants through MCP — meaning you can ask an AI editor to update your homepage tagline, change a meta title, or adjust a setting, and have it actually do it. Not generate copy that you then paste in. Do it. That's the part of "AI-native" most platforms keep promising and almost none have actually shipped.
The widening gap
This is what shipping every couple of weeks looks like. WordPress sites get plugin compatibility breakage. Our CMS gets capabilities that wouldn't exist in WordPress at all without a $200/month stack of subscription plugins. If you've been on the fence about migrating, this is the kind of update gap that keeps widening — every release.
