Drupal as a CMS and Commerce Platform: The Ultimate Guide
The three main players in the traditional, monolithic CMS space are WordPress (which accounts for 27+ million live sites), Joomla (1.8 million), and Drupal (630,000.)
WordPress, which heads up the pack, now powers a staggering 30% of the internet, yet Drupal is still the CMS of choice for many of the world’s largest organizations. Why?
Before you opt for Drupal, you need to know the facts, and that’s what we break down below. What is Drupal? What’s it used for? And, what are the challenges you’ll face along the way?
Considering Drupal as a CMS and commerce platform? Here’s what you’ll learn in this article:
- What is Drupal?
- What is Drupal (mostly) used for?
- How secure is Drupal?
- What do you need to know about Drupal as a content and commerce platform
- You need to maintain the code so that it’s always updated
- You need to hire back-end developers to manage the system
- You’re reliant on “versions” and system updates
- There can be compatibility issues
- Migration is a huge pain
- There is a lack of built-in development tools
- There is little-to-no roadmap influence
- The admin interface is cumbersome
- You have to rely on developers to make front-end changes
- There’s a lack of support
- It’s hard to test anything
- It’s not API-centric
- There are too many ‘Drupalisms’
- Drupal vs. Core dna
Choosing an eCommerce platform?
Download our definitive guide to choosing the right eCommerce platform. Plus bonus questions to ask your vendor.
What is Drupal?
Drupal is a free, open-source CMS (Content Management System) that’s been used by some of the world’s largest organizations to build some of the most popular websites, such as whitehouse.gov, bbc.co.uk, nbc.com, and cityoflondon.gov.uk.
It’s versatile, flexible, and customizable in the right hands, but it doesn’t come with as many out-of-the-box features as WordPress, which is Drupal’s main rival in the traditional CMS space.
What is Drupal (mostly) used for?
Drupal is mostly used for complex, content-heavy, high-traffic sites with large resource libraries and databases - think government agencies, non-profits, and large corporations. But, it can also be used to make eCommerce sites and as the back-end for mobile app development.
Drupal can essentially do everything, but therein lies the problem: Just because you can, doesn’t mean you should!
Too many people are using Drupal when a simpler, more secure, more manageable solution would be far more suitable, not to mention cost-effective.
How secure is Drupal?
Drupal is open-source, which some people believe makes it less secure than proprietary software - after all, anyone can read the code and take advantage of the bugs!
Alas, it doesn’t quite work like that. If you study how people break software, you’ll find they commonly use IDA Pro rather than the source code.
According to Dr. Ian Levy, technical director with the CESG, a department of the UK’s GCHQ intelligence agency, good open-source is just as secure as any good proprietary software.
Drupal, like other popular open-source software, has a highly active community that’s always on the lookout for bugs.
Drupal also has a dedicated Security Team that issues patches, notifies users of vulnerabilities, and provides advice and support to developers around writing secure code and building safe sites.
But you can’t rely on others. To stay secure, you have to continuously update code both within Drupal and across your hosting infrastructure. You can’t set up a secure Drupal web application server and leave it to do its job.
Security updates are released every Wednesday, and users have to stay on top of them. It’s a big responsibility for whoever’s in charge.
It’s worth bearing in mind too that Drupal does have a somewhat chequered past when it comes to security, having experienced two breaches of legendary proportions.
In 2014, hackers compromised 12 million websites in an event comically coined ‘Drupalgeddon.’ The attackers took control of servers and seeded sites with malware.
Then in 2018, we bore witness to Drupalgeddon2, where hackers took complete control of Drupal 6, 7, and 8 sites.
This is why most people opt for a SaaS content and commerce platform. With a SaaS content and commerce platform, there is nothing to install, update or maintain. The vendor takes care of all technical issues so you can focus on creating and managing content
13 things you need to know before using Drupal as a CMS and commerce platform
Here are some things you should know about before using Drupal as a content and commerce platform:
1. You need to maintain the code so that it’s always updated
In the words of the Drupal Security Team, “eternal vigilance” is required to keep your Drupal site secure and functional. This means updating code, both within Drupal and across your hosting software, on an ongoing basis. It’s time-consuming, and a big responsibility.
2. You need to hire back-end developers to manage the system
With an all-in-one digital platform like Core dna, there’s no need to hire back-end developers to manage the system. That’s not the case with Drupal. While little programming skill is required for basic use, Drupal’s sophisticated programming interface and steep learning curve requires technical expertise to master.
3. You’re reliant on “versions” and system updates
To take advantage of the latest features and updated security, users have to keep Drupal core updated, which is difficult, time-consuming, and expensive.
4. There can be compatibility issues
A module installed in one version of Drupal might not be compatible with later versions, and you often don’t find out until it’s too late or you have to do a test migration before running it on the live system, which also takes time.
5. Migration is a huge pain
Drupal has a migration module that can handle the job for small websites, but when it comes to large, complex sites, migrating from one version to the next can be an incredibly complicated procedure, fraught with challenges such as re-indexing searches, deprecated functionality, etc.
6. There is a lack of built-in development tools
The lack of built-in development tools in Drupal means the customers will struggle to achieve the site of their dreams without employing expert help.
7. There is little-to-no roadmap influence
Despite voicing their opinions, sometimes rather vocally, Drupal power-users find, all-too-often, that their views fall on deaf ears and fail to have an impact on Drupal’s roadmap.
With Core dna we regularly chat with our all customers and take feedback on the roadmap and adjust based on the overall demand. Since day one we have seen our customers as the key stakeholder in the decision of what to build into the platform. We have never built a feature that wasn’t needed by a customer straight away.
8. The admin interface is cumbersome
Drupal 8 has faced lots of criticism for its dated admin UI. Even Drupal founder, Dries Buytaert, admits that it needs a major interface-lift. Fortunately, it does seem this issue will be addressed in Drupal 9.
Download this guide: How to choose an eCommerce platform
The definitive guide to choosing the right eCommerce platform for your business.
9. You have to rely on developers to make front-end changes
The back-end developer is responsible for what goes on behind the scenes, including the server, application, and database. The front-end developer, on the other hand, is concerned with converting data to a graphical interface (i.e. what people see when they visit your site). To create the Drupal site of your dreams, you'll need an experienced front-end developer on-hand.
10. There’s a lack of support
Drupal has a history of dropping support for older versions, leaving users in the dark. And, plenty of older modules are no longer properly maintained.
11. It’s hard to test anything
The Drupal module responsible for testing is called SimpleTest. It was first built back in 2004, later becoming a part of Drupal core. Unfortunately, despite being around for over 15 years, it’s still prone to crashing.
12. It’s not API-centric
Core dna is an API-first solution, meaning content can be distributed to any device. Drupal doesn’t take an API-centric approach, so it struggles to distribute content beyond laptops, smartphones, and tablets out-of-the-box.
13. There are too many ‘Drupalisms’
A ‘Drupalism’ is a non-standard way of working that’s particular to Drupal. Drupalisms are slowly being phased out in favor of OOP standards, but there are still way too many of them, making working with the software frustratingly counter-intuitive at times.
Drupal vs. Core dna
|Content management system||✓||✓|
|Flexible content model||X||✓|
|Requires internal front-end development team||✓||X|
|Requires ongoing maintenance||✓||X|
|Modular applications||X||A collection of applications for content, eCommerce, marketing, and collaboration|
|3rd party integrations||Using 3rd party plugin||ERP, CRM, Marketing, CDP, payment gateways, shipping providers, logistics engines, tax calculation & remittances, web hooks|
|Performance/security||Managed by users/customers||WAF/DDoS, Geo-redundancy, TSL/SSL encryption, CDN|
|Monitoring||Managed by users/customers||Performance & uptime monitoring, error management|
|Infrastructure||Managed by users/customers||API/Hooks interface, GIT version control, continuous and parallel development|
|Network||Managed by users/customers||Managed geo-redundant DNS, Anycast IP range, 45 Edge locations|
|Best for industry||Content-heavy websites||eCommerce, publishing, marketing|