Ghost CMS: a big-time nasty lock-in publishing platform

Source: https://ghost.org

Newsletters lock-in with Mailgun

Currently, Mailgun is the only option if you wish to use Ghost’s built-in newsletter delivery feature. Period.

Source: https://ghost.org/docs/faq/mailgun-newsletters/

The problem isn't just the exorbitant pricing of popular bulk email providers today; the severe lack of options makes it seem monopolistic. They have said for years that more bulk email providers may come in the future, but apparently, it is not on their immediate roadmap.

If you want to bypass the built-in newsletter delivery feature, you might as well deploy your own newsletter solution with server software like ListMonk.app. However, that's not ideal for a non-techie publisher, unless you agree with Mailgun's pricing and plans. The whole idea of Ghost's built-in newsletter delivery feature is rendered meaningless.

I am not an authority on which self-hosted newsletter server software you should select or whether you should go with Mailgun, but the lack of options really makes it difficult.

According to the Ghost team, they have no connection or affiliation with Mailgun whatsoever. After all these years, it does come across as a monopoly service.

Here's why you should take e-newsletters seriously.

According to Trial Exhibit Number PXR0112 in U.S. and Plaintiff States v. Google LLC (2020), an antitrust case in the U.S., even Google executives are worried about losing search traffic due to AI. We need to prepare for the possibility that SEO won't be as effective in the future.

If we do not build our readership quickly, chances are that in the coming years, nobody will know that our website still exists. One of the best ways to do so is by offering e-newsletters.

No out-of-the-box anti-bot or anti-spam solution for Sign-up or comments

There is no anti-spam or bot protection out of the box for sign-up and comments. This has been one of the most discussed issues on the Ghost forum, especially among users who self-host their own SMTP servers and use them for transactional email setup with their respective Ghost instances. Many self-hosting Ghost admins, myself included, have noticed abuse of the subscribe button, which lacks any sort of bot protection or CAPTCHA solution that one could easily deploy with a plugin or integration. This could badly hurt our sender reputation; as a result, we were forced to make it an invite-only subscription model. This caused a huge dip in sign-ups.

The issue was so widespread that it was voted to be included in future releases of Ghost.

The development team at Ghost made a surprising decision to abandon the use of hCaptcha, a tool that many users of basic, self-hosted email servers had been requesting.

Eventually, basic domain blacklisting and sign-up spam protection were introduced. It was not what I had expected from the Ghost team. Instead, multiple CAPTCHA service options, along with something like Cleantalk for sign up/sign in and comments, could bring something substantive to the table.

Signup spam protection
Recently, many publishers have noticed an increase in bulk signup-spam from SMS services such as txt.att.net – leading to large numbers of fake member accounts being registered on their websites. On Ghost(Pro) we proactively monitor and block spam signups like this automatically as a part of our managed

Integrations for commenting system and more

Ghost now ships with a much better, upgraded native commenting system. The lack of spam protection makes integrations with other services necessary.

Upgraded comments
Threaded replies, sorting options, and improved moderation tools.

The official list of integrations for the commenting system or for building discussion-based communities around your blogs or magazines includes closed, paid, hosted services such as Disqus and Cove Comments.

Disqus is a popular paid commenting solution. Ad-free accounts start at $12 USD per month. Disqus offers a free, ad-supported version to eligible publishers.

Cove claims to be the original commenting platform for Ghost, which is incredibly fast and far better optimized than Ghost's native commenting system. Cove Comments costs 10 USD per month.

Source: https://cove.chat/comments-for-ghost/

Any self-hosting Ghost publisher who cares about their readers and subscribers won't bother with the above solutions. The only viable commenting system that doubles as a full-fledged forum for self-hosting users is Discourse.org. It is free/libre software.

Source: https://github.com/discourse/discourse

While you would need an extra 1-2 GB of RAM on your server, it's worth it. You can use it as a standalone forum for anything else if you want. Also, your comments and forum data are safe and under your ownership forever. When combined with the Stop Forum Spam plugin, which uses the infamous Stop Forum Spam database, Discourse has the potential to replace the native Ghost comments with added functionality to help you build your own community around your publication and content.

Confusing configurations like Mail options and Support email address bug

You can configure your own self-hosted SMTP server for transactional email with Ghost. However, there is a lack of proper documentation.

For example, see the JSON code for a secure connection to mail in Ghost's official documentation:

// config.production.json

"mail": {
  "transport": "SMTP",
  "options": {
    "service": "Mailgun",
    "host": "smtp.mailgun.org",
    "port": 465,
    "secure": true,
    "auth": {
      "user": "postmaster@example.mailgun.org",
      "pass": "1234567890"
    }
  }
},

Did you notice the "mail:options:service" field above? It says "Mailgun." If I were to use my own SMTP service, or any other service from OVH or Hetzner, and put its name in that field, my Ghost instance would fail to start with an error, even if everything else is properly set up.

It says, "Invalid mail service."

However, if I call it Mailgun or SES, even when configured with Hetzner or OVH's SMTP settings, the instance starts without error. According to a staff member in a forum post from April 2022, it's just a label. In practice, however, an unrecognized value is truly fatal. You must either label it as one of the known services hard-coded in Ghost or remove mail:options:service altogether, and it will work. There is apparently no mention of this in the documentation. I have experienced this issue myself.
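A pre-start check for the mail block, as an added example that is not Ghost's own code: it flags a free-text service label like the one described above. The label list, the case-insensitive comparison, and the sample host and credentials are assumptions; only the names Mailgun and SES come from this page.

```javascript
// Added example: pre-start check for the "mail" block of config.production.json.
// ASSUMPTION: KNOWN_LABELS holds only the two labels this page reports as
// accepted, compared case-insensitively; replace it with the list your Ghost
// version actually recognises.
const KNOWN_LABELS = ['Mailgun', 'SES'];

function lintMailConfig(config, knownLabels = KNOWN_LABELS) {
  const findings = [];
  const mail = config && config.mail;
  if (!mail || mail.transport !== 'SMTP') return findings; // only SMTP is checked
  const options = mail.options || {};
  const known = knownLabels.map((label) => label.toLowerCase());

  if (typeof options.service === 'string') {
    if (!known.includes(options.service.toLowerCase())) {
      // The case described above: a free-text label on a correct SMTP setup.
      findings.push({level: 'error', key: 'mail.options.service',
        message: `"${options.service}" is not a known label; remove the key`});
    } else if (options.host) {
      // Starts fine, but the label may not describe the server really used.
      findings.push({level: 'warn', key: 'mail.options.service',
        message: `label "${options.service}" set alongside host "${options.host}"`});
    }
  } else if (!options.host) {
    findings.push({level: 'error', key: 'mail.options.host',
      message: 'neither a service label nor a host is configured'});
  }
  return findings;
}

// Constructed sample configs (hypothetical host and credentials).
const smtp = {host: 'mail.example.org', port: 465, secure: true,
  auth: {user: 'ghost@example.org', pass: 'placeholder'}};
const samples = {
  customLabel: {mail: {transport: 'SMTP', options: {service: 'MyOwnSMTP', ...smtp}}},
  borrowedLabel: {mail: {transport: 'SMTP', options: {service: 'SES', ...smtp}}},
  noLabel: {mail: {transport: 'SMTP', options: {...smtp}}},
};

for (const [name, config] of Object.entries(samples)) {
  const findings = lintMailConfig(config);
  console.log(name, findings.length ? findings : 'ok');
}
```

Run it against the parsed config before restarting Ghost; an `error` finding on `mail.options.service` corresponds to the "Invalid mail service" failure.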

Support email address bug

Ghost lets you set up a custom support email address via the Settings → Portal Settings → Account page. This overrides the default email address that you configured in the config.production.json file. This is mentioned in the documentation as well. But then, what's the point of letting you set up a custom support email address?

What if you wanted to use one SMTP server to send transactional emails and Proton or Posteo for support emails? This is a genuine problem.

A user mentioned a similar issue in a Ghost forum post from October 2022. Something interesting was found in the JavaScript file located at /core/server/services/members/config.js:

getAuthEmailFromAddress() {
    return this.getEmailSupportAddress();
}

It looks like it's fetching the email address to be used for authentication from the "Support Email" field. The solution was to prevent it from doing so and instead fetch the address from the configuration. With this minor adjustment, the knowledgeable user was able to use a @gmail.com email address for the Support email address. From a user's perspective, it makes no sense why it is the way it is. Is it a bug?

Note: Although the file config.js is now replaced by MembersConfigProvider.js and there is no mention of getAuthEmailFromAddress(), the issue remains the same.

Pintura - a paid image editor but why?

The official documentation for self-hosting Ghost admins mentions Pintura.

This integration is included even for self-hosted Ghost instances. The Ghost team might claim to have no connection to or affiliation with Pintura, but this cannot go unnoticed.

There is also official pricing for Ghost users. A perpetual license for your Ghost-powered website costs 29 USD and comes with one year of free updates.

At first glance, it appears that most of the functionality is already included in the WordPress core. When you upload an image to Gutenberg, you get tools to modify the image: crop, resize, rotate, transform, etc. All the basic tools that you might use on the go or in the browser while writing or publishing are included in Gutenberg, the WordPress editor.

I can't imagine anyone using these tools for anything serious. Images are mostly done on desktop applications, not on a simple JavaScript-based snipping tool with fancy features. This is totally subjective and depends on your needs, but how far is GIMP from your browser?

I don't think this tool is worthy of built-in integration versus other basic tools that are actually required.

What's the status of WordPress in 2025?

As far as I remember, back in the late 2010s, when Medium entered the scene, WordPress started losing market share to them. So, Automattic, the parent company of WordPress, evaluated why bloggers and publishers were leaving the platform, and they found that the reason was the page editor. WordPress had many page editor plugins.

With the release of the Gutenberg editor, many things changed.

WordPress is commonly regarded as elementary and uninspiring, necessitating extensive customization and optimization to operate effectively.

Honestly, the WordPress core is super slim, minimal, and works well with most tools. It's also not vulnerable to attacks when not used with silly plugins.

The more features you add to the core, the less secure your application becomes due to an increased attack surface. That being said, WordPress is completely extensible, and it makes no difference whether one feature is loaded from the core directory or the plugin directory.

To give you a clearer picture, let's check the official GitHub repository of Automattic, the parent company of WordPress.

Automattic
We are passionate about making the web a better place. - Automattic

Do you see all the official WordPress plugins that extend WordPress's functionality but are not part of the core?

For example, there's a free newsletter plugin and a free two-factor authentication (2FA) plugin. These are just two examples. There are hundreds of free official plugins that extend the core of WordPress as it is packaged and made available for download.

A mature commenting system is included in the core; the rest is extensible down to a forum or an e-commerce shop. There is an official spam protection service called Akismet, or you could opt for an alternative, Cleantalk.org, as a plugin.

If you want, you can always install a full-fledged free software web analytics system using a plugin.

WordPress is the world's most popular CMS for a reason.

Conclusion: Is Ghost still worth it in 2025?

I have been using Ghost for over two years at Nixsanctuary.com. This is my firsthand experience with Ghost.

I am not here to answer questions such as, "Why can't you accept that Ghost wants your wallet?" Nor am I here to claim that Ghost doesn't care about its publishers or users and only wants to make a profit. For now, I am staying on the platform and continuing to use it. I am here to offer constructive criticism.

Although Ghost is a nonprofit organization and the software is open source, the whole model seems like a lock-in to me from the beginning.

Should you move right now? Maybe.

It all depends on whether you like Ghost as a blogging platform and whether your team loves the design and neat themes that come with it. If so, you can keep using it for blogging.

You could use Ghost in a way that allows you to use Discourse as a commenting system with a legitimate spam protection tool to build a discussion-based community around your blog or publication. You could also use a separate newsletter manager, such as ListMonk, with a custom subscription form. Of course, you would use a mix of your own and an external SMTP service for transactional and e-newsletter delivery.

The crux of the matter is this: if you are responsible for setting up components separately, such as a commenting system for discussions, and for managing and delivering the e-newsletter, for whatever reason (the lack of legitimate spam protection, for example), then what is the point of a modern publishing platform?

Not to nitpick, but there are some other issues, including the fact that Ghost's own CLI backup broke because of the email-based 2FA introduced in April 2025. Backup is one of the core functionalities and should have been tested more thoroughly before its general release.

As a publisher, it's important to always have choices and options.

Let me know what you think in the comments!
