Drupal is often considered the heavyweight system out of the three, providing more flexibility at the cost of a steeper learning curve.
Despite its learning curve, the flexibility, security, and power it offers have made it a very popular CMS, especially for high-end and enterprise-scale websites. Tesla and The Economist are just a few examples.
One detail that will become apparent when you first start using Drupal is that the most popular themes are in fact base themes. I didn’t know what a base theme was when I first started out, so…
Base themes are blank themes with a minimal design and a simple or non-existing layout. The purpose of a base theme is to allow theme developers to add their own styles to build a totally new and unique theme. In other words, a base theme is used as a basis to create the themes that are meant to be used on live sites.
So, in contrast to WordPress and Joomla where the most popular themes are all good looking, well-designed themes that are ready to be published right away, the most popular Drupal themes are completely blank, which again allows for total style customization.
One way to interpret the extensive use of base themes is that the average Drupal user value the customizability of Drupal and are more focused on creating high-end, tailor-made websites that suit their customer need, rather than using a premade theme that might not be a perfect fit.
And speaking about customizability, there are several things that could have been mentioned when talking about Drupal, but two of the things that stand out are:
- The ability to give the user full control of what content to display where through the usage of blocks and views.
- Granular access control, allowing administrators to define user roles with very specific access permissions. For instance, defining a content editor role that is allowed to read and edit content, but not allowed to delete and publish.
In addition to customizability, the security aspect is another reason why Drupal has become so popular in the enterprise segment. Out of the three systems listed in this article, Drupal is considered the most secure.
Plugins/modules are security risk number one for any CMS, including Drupal. The major difference, however, is that a contributed module in Drupal actually needs to be approved by the team of Drupal core maintainers before it’s being released for everyone to use. Although not bulletproof, it definitely ensures that the modules available have a certain level of code quality, which again makes Drupal stand out security wise. It’s also possible to subscribe to their security announcement email list, which will keep you up to date on any new vulnerabilities.
Web services is another topic that has received increasingly more attention. That is, communication protocols that allow systems like Drupal to communicate and interact with other web applications. Whether its serving data to a mobile application or interacting with systems in an organization network, a web service API will assist in passing data in a structured manner. Needless to say, Drupal has embraced the idea of REST API completely and delivers a robust set of APIs out of the box.
One of Drupal’s major pain points has always been the significant development efforts required for upgrading to a new major version. The pain partly stems from a community decision to not support outdated code just for the sake of backward compatibility. The purpose of this decision was simply to ensure that any new Drupal versions were able to leverage the latest technologies and thereby making it a better system altogether.
This is however about to change according to Drupal project leader Dries Buytaert. In a blog post about Drupal upgrades, he states the following:
Updating from Drupal 8’s latest version to Drupal 9.0.0 should be as easy as updating between minor versions of Drupal 8
Considering how upgrades have been handled prior to Drupal 8, this is a giant leap in the right direction. That being said, smaller Drupal agencies and end-users are still under the impression that maintaining and updating their Drupal 8 site is too manual and too complex, and points out auto-updates as one of the things that would be a great improvement in the future.
Another thing that has been pointed out by the Drupal end-users is the need for easy-to-use site building tools. Although the Drupal developers have made significant efforts into making Drupal as easy as possible, Drupal still remains as the CMS with the highest learning curve out of the top three, so the feedback comes as no surprise.
The question we’re left with is when do you choose Drupal?
As Dries Buytaert – the Drupal project leader – says in his state of Drupal presentation
Drupal is no longer for simple sites, but for sites with medium-to-high richness
Where richness is referred to as the level of required customization or flexibility.
And I agree
Drupal’s sweet spot as a CMS is towards business websites that require integrations, extra security considerations, and a larger degree of content customizability.