Menu Menu

4 Drupal Drawbacks Debunked

Duo on August 7, 2014

Like any software Drupal isn’t perfect, that’s why we’re currently on Drupal 7 and not Drupal 1. The problems critics often point to when talking about Drupal however, are often not the insurmountable obstacles they’d like you to think. The amazing thing about working in an open source platform with a community of contributors is that there are few problems that can’t be solved.

A week ago we found a blog post that outlined some of the often critiqued aspects of Drupal and why they shouldn’t stop you from choosing Drupal for your new site or site rebuild. So here they are four examples of how Drupal has overcome obstacles.

1. Drupal Uses Too Much Memory

As John Locke lead developer and founder of Freelock points out, “Under the hood, Drupal has a really powerful hook system, which auto-detects and auto-loads functionality.” This also means that  Drupal has to load all of its modules on every request to see if it implements a necessary hook, and this comes at a cost. Large sites that load many modules have been known to slow to a crawl when there isn’t enough RAM available.

How does Drupal overcome this? There are two possible solutions. The first is simply to buy more RAM. As Locke says, “hardware is relatively cheap, and with the various caching strategies we typically use with Drupal, we can get sites speeding along.”

Don’t want to buy any more hardware? Have no fear. Solution number two is to tune Drupal to make the best use of the hardware you have. First, enable Drupal's caching capabilities. In addition to the basic caching options found on the Performance page of your Drupal site, you can head over to your site's Views configuration and enable time-based caching for views where the content doesn't change often. Also, if you have any custom modules written specifically for your site, you can evaluate ways that they could leverage Drupal's caching features for things like custom blocks.

To help alleviate Drupal's 'problem' of loading all of its modules on every request, you should take some time to look through the list of enabled modules and deactivate those that aren't in use, or provide trivial functionality to your site. Some modules that could fall into this category include Migrate, Devel, Color, Overlay, and Database Logging (always use Syslog on production sites!). Also, turning off the "UI" modules (Views UI, Context UI, Rules UI, etc.) when not necessary will help site performance.

Another easy way to lower overhead is to compress CSS and JavaScript files. Settings for these are found on the Performance page of your Drupal site administration section.

2.  PHP Isn’t Secure

Drupal is built in PHP, which has its upsides and its downsides. As Pete Babb of Info world says, “PHP's simplicity can also be its undoing.” One of the downsides--or, at least, one of the supposed downsides--is that PHP’s simplicity leaves it open to a list of security issues.

Thankfully many of these issues have been addressed already. Newer editions of PHP are much more secure and have developed out of past vulnerabilities.

Drupal comes with a host of functions that help ensure things like cross-site scripting, SQL injection, and other points for hacking are as secure as possible. It's up to people writing code for Drupal to use these when possible. The most vulnerable sites are those that have a novice developer who doesn't know these exist, or doesn't use these to helpkeep a site secure.

For any issues you might still be worried about havae no fear there is also a Drupal security team for that ( The team watches for security vulnerabilities in Drupal core and popular contributing modules. Security patches to Drupal Core also come out as needed. So as long as you are maintaining your site and keeping security patch installation up to date your site should be nice and secure.  And of course, Popular Contributed modules not part of Drupal core will have security updates on a regular basis. Again, it's up to sitemaintainers to keep their installations up to date.

3. Drupal Keeps Changing

New versions are both blessings and curses. They fix a lot of old problems, but can also introduce new ones. They offer greater functionality in the long run, but without all of the custom modules of earlier editions they are not nearly as functional out of the box.

With Drupal 8 right around the corner some people are preparing for what they assume will be a horribly painful upgrade. But there are a couple things to keep in mind. First It's rare that an update to a Core or Contributed module breaks a site's functionality, unless it's to address a security issue. And site developers should not blindly update sites without testing.

Second, As with any software, if you're moving from one major version to the next, you can expect things to be remarkably different. If you're updating minor versions (say 2.3 to 2.4), you should be safe, but it's always a good idea to test! It’s also important to note that “most module maintainers provide decent upgrade scripts, upgrades tend to happen with no data loss and very little functionality change,” says Locke.

Finally there is no need to transition to Drupal 8 immediately. Drupal 7 is here, and it’s here to stay for a while. You can still get many years of use out of a Drupal 7 site while bugs in 8 are being fixed and modules are being developed. In fact, at Duo we would still advise clients looking for a new or refreshed site to build in Drupal 7.

4. Drupal Developers Aren’t Reliable

To this concern we say yes and no. Drupal has an amazing community of contributors. Along with that community comes a broad range in people who label themselves Drupal Developers. There are developers who haven’t done anything more than build their personal website on Drupal, and developers who have been around for 20 yearsbuilding professional sites through all 7 iterations of the platform.

So how do you know if you’ve found a good developer?

Look for developers with a history of excellent work. Developers who have had time to make mistakes and aren’t afraid to admit to them. Those are the same clients who have learned how to work with Drupal and how to solve problems. Finally, remember that an premium site comes at a premium price, but that it will yield the best results in the end.

START THE PROCESS  Schedule a Website Audit Schedule Now