Did you know Drupal has racked up over 40,000 contributors since it was first created in 2001?! Neither did we, until the super awesome Angie Byron joined us on The Changelog last week to tell us all about it.
We also learned just how awesome the Drupal community is (much like Dev.to!) and how they work to keep that the case. You don't want to miss this episode:
Find the full show notes and transcript on changelog.com.
Top comments (12)
It's probably helpful context to know that I've worked with Drupal the past 6 years. I've seen the good, the bad and the ugly. I think PHP, in general, gets a lot of bad reps because of how awful it was at once point. I'm also a front-end dev, so I hardly do PHP since now that Drupal is mostly object-oriented, I don't need to write it for basic things like templating.
But like you said "over the past decade".... the troublesome part is technology that lasts as long as PHP has will have some reallllly dark times haha. I'm really happy to see how Drupal has evolved, and the security team works SUPER hard to find bugs and release patches. The edge WordPress has is they automatically update for people (I think, I don't do WP). Drupal doesn't do that yet, and so if you don't patch something immediately because of lack of budget, your org could be screwed.
BTW I am not saying you're wrong here, and I wanted to clarify that because the internet can misconstrue things easily. Just discussing.
I really like the Drupal Community. If I were to ever leave, that is where I would miss it the most. I also work with really intelligent people, many of whom are on the security team, and they do great work.
As for any technology, security is highly dependent on how it's implemented.
I have a number of Drupal sites upgrade automatically with a cron script (using composer & drush). In discussion with some Drupal administrators they seem
to prioritize stability over security. They to forget that a compromised system is very unstable.
Drupal is way more secure than it used to be. The problem with Drupal IMO is the learning curve, people not updating their sites when security releases come out, etc.
I came to make the similar comment, but then I remembered how Wordpress' security history is swiss cheese. Maybe not as colossal in comparison to Drupal, but definitely not bulletproof π€
In the last year or so we had a SaaS company in the cannabis industry get hacked have a huge data leak π₯ and downtime π because they were using an immensely outdated version of Drupal.
It could have been an old version of Wordpress too, but I feel like WP encourages upgrading more (even pushing more stable PHP versions with newer releases).
I've used Drupal 7 for the last five or six years and would never recommend anyone use it for anything whatsoever.
I've used Drupal 8 in passing and it's basically a relatively modern PHP framework that is encumbered by some of the ideas from the earlier versions of Drupal. I'm not an expert but I wouldn't recommend anyone use it when there are better solutions out there that cover the same ground.
The community is quite nice though, and there are some especially helpful people on freenode/#drupal_support.
lol, don't get me started on Gutenberg....I have so many accessibility rants regarding that.