When it comes to designing a worthwhile website, the choice of content management system (CMS) may not be readily apparent. Complicating this choice are the almost-tribal sentiments of each system’s loyalists, each convinced of the “rightness” of their favorite. But both are open source, free to use, and provide a multitude of plug-ins and modules. So which is the real winner of a Drupal vs WordPress standoff?
Drupal 8 is now available, but it’s definitely not for everyone. Based on our experience, the go-to for roughly one-third of all websites is WordPress. It dominates 60% of the CMS market. Why deviate?
The short answer is WordPress is much easier to use for non- and semi-technical users, but Drupal offers better flexibility and security if you know your stuff. To dig deeper, let’s toss Drupal 8 and WordPress into a cage and see who comes out on top!
Ease of Use
WordPress is known for its 5-minute install and for low barrier-to-entry. Many newbies cut their teeth on WordPress and end up with an adequate and reasonably fast, if not glamorous, website. As noted below, themes are plentiful and can easily turn a plain-Jane sight into something you’d be proud to show the public.
To get there with Drupal, you’ll need the skills of a developer. What Drupal lacks in simplicity, it makes up for in power and flexibility, but this is a deal-breaker for people that just want to publish a blog or make a small, functional website for their fledgling business.
Pushing the needle even more towards WordPress is its default block editor, Gutenberg. Blocks make it easier to assemble pages with varied formatting and appearance without having to bother with widgets or HTML code. Its adoption was part of the push to make WordPress more attractive without adding complexity. Though available by default in 5.0+, many WordPress themes support Gutenberg natively.
The default Drupal 8 theme (currently Seven) offers Gutenberg, but requires enabling before use. Drupal 8 also has far fewer available themes than WordPress, meaning your choice of Gutenberg-friendly themes will be somewhat restricted.
Themes and Plug-ins
The awesome thing about WordPress is the sheer number of plug-ins and themes, and the relative ease of deploying them. Many are free, though not all are created equal, and paying for premium items can yield better support and overall product. For example, WooCommerce is free and gives limited eCommerce capabilities to WordPress, but expect to dip into your wallet if you want to add features or payment types.
For brevity, we’ll extend the definition of “plugins” to include what Drupal calls “modules.” Drupal has no shortage of plugins, but nowhere near as many themes, and you’ll once again need the D” word to properly make use of either.
WordPress has a less than stellar reputation for security. Its popularity makes it an attractive target for prospective attackers, as does its status as an amateur-friendly CMS. Many site administrators simply don’t bother to update, leaving their sites vulnerable to known vulnerabilities. However, it is a mistake to assume that running the most current version inoculates your site, as roughly even current sites can fall victim to attack.
Furthermore, while WordPress is quick to respond to security threats, the same cannot be said from many of the same plugins that make it so popular. The more you add, the greater the threat becomes, as each plugin serves as a possible vector for attack.
Is it possible to maintain a secure WordPress site? While nothing is hackproof, you can take active measures to mitigate the threat. It starts by choosing an experienced web host (*cough* we might know one *cough* *cough*), and continues by taking steps to stay current on each and every theme and plugin on your site.
As long as you’re running Drupal 7 or later, you’re as safe as New York State, the Government of Australia, whitehouse.gov, Twitter, eBay, and NASA, all of whom use Drupal. This should not be interpreted to mean that Drupal sites are immune to security threats. Rather, the smaller number of poorly-coded plugins and themes, combined with the more developer-centric requirements, make it less vulnerable to Internet villany. Finally, it’s relative unpopularity compared to WordPress makes it a less attractive target.
WordPress was born as a blogging platform. As such, it’s a more natural fit for websites presenting most of their information within articles, as opposed to albums of interconnected information. Time and the devoted efforts of the open source community have diversified it somewhat, although you’ll need to rely on plugins to broaden its functionality.
Drupal can do anything. We advise against choosing it as your blogging platform, but if you have developer know-how or the resources to hire one, it’s a far more versatile platform. Drupal is also innately mobile-friendly and has stronger core support for multilingual content. Finally. WordPress plugins themselves tend to be “plug-and-play” solutions, while Drupal plugins offer richer customization capabilities.
WordPress was designed with simplicity in mind, allowing for easy and swift editorial collaboration among a handful of team members. This is great for blogging, but won’t offer enough granularity for any enterprise requiring a team with numerous roles and permissions. This can be extended with a plug-in, of course, but that’s another one to find, watch for vulnerabilities, possibly even pay for.
With a built-in access control system that allows fine-tuned control, Drupal is the clear winner here. You can create custom roles, set multiple levels of user permissions with different degrees of access, and grant multiple roles to a single user. Even if such granularity doesn’t appeal to you now, it gives you scalability if and when your team grows.
Both WordPress and Drupal have eager and knowledgeable online communities that love nothing better than to bring others into the fold. You’ll find no shortage of online tutorials and documentation for either platform.
That said, if you’re looking for developer support — optional for WordPress but practically mandatory for Drupal — you’ll pay more for the latter. This is simple supply and demand, as WordPress developers vastly outnumber their Drupal brethren.
Drupal vs WordPress: Who’s the Winner?
We know, we know! We don’t like ties, either.
Looks like you’ll have to play judge and cast the deciding vote for who has earned the right to build your site. If it helps, we’re happy to help you host WordPress or Drupal, and we’ll keep any “tribal sentiments” to ourselves.
|Ease of Use||Not user-friendly to lay persons; developer assistance advised||Gets the job done easily and quickly; easy to install|
|Themes and Plug-ins||Not as many, harder to install||Many and easy to install|
|Security||Favored by governments; user knowledge tends to make it more resilient to attack||Each theme and plug-in is a potential vulnerability; popularity makes it a favorite target of attackers|
|Flexibility||Better at anything other than blogging, provided you have dev skills; innate mobile and multilingual functionality||Great for blogging; needs plug-ins for everything else; effective plug-ins can be costly|
|Access Control||Innate fine-tuned control||Limited without plug-ins|
|Support||Helpful community, but developers are more costly than their WordPress counterparts||Helpful community, developers are optional and less costly|