Everything WordPress
made you assemble.
Speed, SEO, security, backups, redirects, and integrations come built in, not bought as plugins. The polish of a hand-coded Next.js site, with a CMS your clients or your AI agents can edit in the browser.
The speed of a hand-coded site.
CaveCMS is a real Next.js 15 app, not a stack of plugins. Cached pages render in under a second on a five-dollar server. Photos auto-resize for the right screen. Your visitor never waits the way they wait on a bloated WordPress install.
- Built on Next.js 15, the framework behind parts of Notion, TikTok, Hashnode, and Spotify
- Images automatically optimized for every screen
- Smart caching so popular pages feel instant
Speed
Edit it in the browser. Client or agent.
Click any word on any page and you are editing it. Your clients update copy from a phone in a queue. An AI agent does it by prompt. No theme files, no PHP, no staging dance. Just the site, editable in place.
- Live, in-place editing, change it and see it
- Drag any section to reorder it
- Save a section you love and drop it on any other page
Anyone can edit
Edit fearlessly. Publish when ready.
Every change autosaves to a private draft as you work. Close the laptop, lose your wifi, come back next week, and your edits are exactly where you left them. Visitors keep seeing the existing published page the whole time, so nobody ever catches a half-finished edit. Hit publish when your new changes are ready, or discard the draft and the live page is untouched.
- Autosaves as you type, with no Save button to forget
- Your draft survives a closed tab, a dead battery, or a week away
- The public keeps seeing the existing published page until you publish your new changes
- Full undo and redo, then publish or discard with one click
Drafts
An AI writing partner, right where you edit.
Highlight any sentence. Ask for a punchier one, a kinder one, a French one. Get it back in under a second, in your voice, with your site’s tone. Built in. No add-on, no second tab.
- Rewrite, polish, shorten, or lengthen without losing your voice
- Translate any section into thirty languages in one click
- Suggest headlines, captions, and calls-to-action when you are stuck
- Stays inside the section you are editing, never touches the rest of your site
AI writing partner
Production-grade security, built in.
WordPress sites get hacked through plugins. CaveCMS ships the hard parts already done: hidden admin paths, hashed passwords, rate-limited logins, and hardened defaults. Nothing to bolt on, nothing to keep patched.
- Admin login at a private URL only you know
- Brute-force protection that locks the door on repeated bad guesses
- Hardened by default: CSRF tokens, security headers, encrypted secrets at rest
Security
Scheduled, encrypted, off your server.
CaveCMS backs up your whole site, the database, your media, and your secrets if you want them, on a daily or weekly schedule, straight to Google Drive, OneDrive, or local disk. Turn on a passphrase and the archive is AES-256 encrypted before it ever leaves the box. One click brings it all back.
- Automatic daily or weekly backups, at the hour you choose
- Send them to Google Drive, OneDrive, or keep them on local disk
- Optional passphrase encryption (AES-256) before anything uploads
- One-click restore from cloud or a local file, with a safety snapshot taken first
Backups
Built to be found, no plugin required.
Google sees a clean, fast, accessible site with proper headings and proper structure. Sitemaps, metadata, structured data: all in the box, not a paid SEO plugin you have to configure and trust.
- Sitemap and robots.txt out of the box
- Open Graph and Twitter cards on every page
- Structured data so search engines understand your content
SEO
Beautiful on every screen.
Every template, every section, every photo is sized and spaced for phones first, then tablets, then desktops. Nothing breaks. Nothing crowds.
- Touch-friendly buttons sized for thumbs
- Photos that flex without warping
- A menu that knows when to fold itself away
Mobile
Self-host on a small server or cPanel.
One Node process and a database. Put it on a five-dollar VPS, your Mac, or shared cPanel hosting. Move it to a new host in an afternoon. Export everything in one command.
- Self-host on any computer or server you own
- Works on shared cPanel hosting, no root required
- Export everything as a tar file in one command
Run it anywhere
Build by hand.
Or by prompt.
CaveCMS is more than a visual builder. It is a real HTTP API, now with tokens to match. Generate a scoped token in Settings, then API Tokens, hand it to Cursor, Windsurf, Claude Code, or OpenAI Codex, and your AI edits your live site programmatically. It can create pages, rewrite blocks, reorder sections, and repaint the whole palette in seconds, no browser, no clicking. The visual builder stays for your hands. This is for everything else.
- Authorization: Bearer cave_… tokens skip the cookie and CSRF dance, so calls are plain and fast
- Per-token role (editor or admin), optional expiry, shown once, hashed at rest
- Capped to content and branding, so a token can never reach your users, secrets, or security settings
- Revoke any token in one click. Works with Cursor, Windsurf, Claude Code, Codex, or any HTTP client
The complete spec, covering auth, the batch endpoint, and every block type, lives in the API reference.
New to this? Start with connecting your AI assistant.
Using an MCP-aware editor like Claude Code or Cursor? Connect over the built-in MCP server and your AI gets typed tools for your site in one command.
# read your content
curl https://your-site.com/api/cms/pages \
-H "Authorization: Bearer cave_••••"
# write a block: no CSRF, no cookie
curl -X POST https://your-site.com/api/cms/blocks \
-H "Authorization: Bearer cave_••••" \
-d '{"pageId":42,"kind":"widget","blockType":"lx_heading",
"data":{"text":"Hello, world","alignment":"center"}}'Updates that
undo themselves.
Other CMSes leave a failed update for you to clean up at 2 a.m. CaveCMS cleans up after itself. One click installs behind a maintenance screen (signature-verified, migrated, health-checked), and if anything fails, it restores the previous version on its own, before a visitor ever sees a broken page. Prefer the keyboard? The same engine runs from your terminal, and recovery is a single command, even with no internet.
- Signed, hash-verified releases, so a tampered or truncated download is refused, never installed
- Automatic rollback the moment a health check fails, so your site never sits broken
- One-command recovery that runs offline, straight from an on-disk snapshot
$ cavecms update # install the latest, auto-rolls back if it fails
$ cavecms rollback # restore the previous version, even offline
$ cavecms status # what's running, and is an update waitingBuild it local.
Push it live.
Work on a local or staging copy with no fear of touching the live site, then promote the whole thing in one command. Pages, posts, projects, settings, navigation, and every referenced image move together as a single atomic swap. If production changed since you pulled, it refuses and tells you, so you never overwrite a live edit by accident.
- One command promotes the entire site, content and media in one bundle
- A drift check refuses to overwrite changes made on production since you pulled
- Atomic cutover with a retained backup, so a bad push is one revert away
- Named profiles, so an agency keeps one saved login per client
See the full push to production workflow, or move the whole app to a new server.
# save your production site once (URL + an admin token)
$ cavecms login --url=https://your-site.com --token=cave_PROD
# preview the promote, then publish your local build
$ cavecms push --from=http://localhost:3000 \
--from-token=cave_LOCAL --dry-run
$ cavecms push --from=http://localhost:3000 \
--from-token=cave_LOCALE-commerce: Stripe + Paystack.
Cart, checkout, orders, refunds, and webhook-driven payment confirmation across both processors. Cards in 200+ countries through Stripe. Mobile money and cards across West Africa through Paystack. Drop a product block onto any page, set the price, take the order. The same in-place editing as the rest of CaveCMS, no separate dashboard.
- Stripe Checkout and Stripe Connect for marketplaces
- Paystack inline and standard payments
- Inventory, variants, refunds, abandoned-cart emails
- Self-hosted, so the customers, the data, and the fees stay yours
Need it sooner? Tell us, we prioritise asks.
Keep going
Related
MCP server
Connect Claude Code, Cursor, or Windsurf to your live site with the MCP server built into every install. One command, scoped tokens, typed tools.
AI agents
Point Cursor, Claude Code, Windsurf, or Codex at your site: what AGENTS.md is, how to mint a token, and how to make your first change by prompt.
Pricing
Free for personal, hobby, and non-profit use. Free for thirty days commercially, then a single licence fee. Fair source, open on GitHub.