Drupal is a lot of trouble

This site uses Drupal. Drupal has turned into a nightmare. It was fine when there was a single 4.x version out there, but soon after 4.x, there was 5.x. Then 6.x. Upgrading from a older version is near impossible.

There always was the assumption that some amount of coding would be required by anyone running a Drupal site. But be prepared - you will be hacking modules left-and-right to get any thing running. At this time, one has to question whether the amount of hacking required to get things to run are worth it. Maybe all CMSes have this problem, but certainly Drupal is really a poster-child for impossible-to-ever-upgrade software.

The problem occurs because Drupal changes the API every release, adds new incompatible features, and modules and themes become unusable. And since modules and themes are merely someone's weekend project, it can be months or years before a module becomes compatible with the newer Drupal version.
Core drupal does not have image handling capabilities or spam fighting capability so even a basic site will need to use external modules. Add things like forums, automatic aliases, FAQs, it becomes a large collection of non-core modules.

The advantage of Drupal is that it is extensively customizable, and has a wide range of modules. This is exactly the same thing that makes a Drupal site near-impossible to upgrade. Once a site is up and starts to depend on a bunch of modules, rest assured that when a new Drupal version comes out quite a few required modules will not make it to that new version!

Drupal core does get upgraded without problems. But Drupal itself has become super-bloated. Web hosts that worked fine with Drupal 4.7 will not support Drupal 6.x because of heavily increased memory and CPU requirements.
Sure, Drupal 6.x has more things in it - but for a site that worked fine with 4.x, to have the same functionality at much increased resource usage is just bad. Even worse is that the way Drupal code has been written, even just visiting an admin page can completely corrupt the database leaving the site totally unusable. The code can corrupt a site on inspecting certain pages - not changing anything mind you, just looking at something can corrupt your site. Sure, the response from the Drupal forum is that it is the problem of the hosting provider who kills CGI scripts. But it seems incredible that viewing a admin page should cause a completely unusable site when scripts are killed.

It is now nearly a year since Drupal 6.0 was released which was back in Feb 2008.
But many modules are still only available as development versions - and with no sign of a final version. By the time a final version of these modules is available, Drupal 7.0 will be out, obsoleting everything again.

Who is Drupal suitable for?
- Those who plan to extensively customize the core Drupal, and take ownership of any module they run on their site.
- Those who don't plan on or have no need to upgrade to the next version.
- Those who will spend a lot of time coding.
- Those who are hosting at ISPs that do not have resource limits or have very high CPU and memory allowances.

Having installed 4.x, this site had to skip 5.x because of missing support for all modules. It is barely holding together in 6.x at this time - many modules are development versions and there are many problems (just visit the open issues list in a few of the modules you may be interested in at the Drupal site).

And if you are at 6.x - do not enable the "Update Status" module. This will warn you in red background text about the availability of a new version of a module. There is a very good chance that if you are one of the first persons to do the update, you will end up with a broken site. Again, just browse the issues at the Drupal site looking for people reporting on updates causing site failures. So once you have hacked enough of the code to make your site working with 6.x, don't update any module (even for security updates) unless you have set aside a full day to backup your site, do the update, run tests, and revert back if or when things fail. Disabling the update status module is the best option for a 6.x site.

Next stop - look into how much effort it would be to move to something simpler, like Wordpress. That is not going to be easy but it may be far less aggravating than going to Drupal 7.x or 8.x.


A Better Alternative

Take a look at Expression Engine! Being a commercial product it has a lot smoother upgrade path than Drupal, and it also has stellar support and documentation. Granted it has fewer external modules available, but the core system plus the modules that are available provide excellent functionality. The new version, 2.0, that will be out later this year (possibly this spring) will integrate CodeIgniter framework and jQuery in the core! I'm doing my first larger site integration with EE currently, and am quite happy with it — and I'm looking forward to v2.0 that brings even more power and ease of use!

linkfilter because like is said here going from 5 to 6 is tough


I would very much like the linkfilter (http://www.aczoom.com/cms/software/web/link-filter-drupal-module) to use in my drupal 5 site, because I am not able to get the time to convert it to drupal 6 as you said on this post.
Please build it also on D5, so lots of other people like myself can use it also!


Both 5.x and 6.x versions already available

Linkfilter has been available for 4.x, 5.x, 6.x for a long time now - all the downloads are available in the main posting at link-filter-drupal-module.

Can't agree more

Hi Avinash,

I can't agree more. We currently have sites sitting on Drupal 5.x that can't be upgraded any further even within the D5.x version set because of D5 modules that can't be upgraded any further without the module upgrade process deleting large chunks of user data. Much less trying to upgrade these sites to D6.

Modules are a great feature for Drupal, but most of the ones we use are either broken in one fashion or another or don't do what you'd expect them too out of the box.

And don't get me started on having to apply the same hacks to core every major upgrade (D4 to D5 to D6) as simple three line BS bugs just aren't fixed.

If you write a conversion document from Drupal to Wordpress, please drop me a line. I'm pretty sure all my clients are going to force me to abandon Drupal, as I'm getting tired of being asked why I recommended they use something where I keep having to instruct them to do xyz manually, because the inbuilt CMS functionality won't actually do it correctly.


backups ...

My suggestion is that if you are running any website you write a simple shell script to dump the database and tar all its files on a regular basis. I even have it FTPing a weekly backup to an offsite server.

Yes this doesn't solve any problems. But if I can create a new backup in 30 seconds and manually restore from a backup in 5 minutes ... well that comes in handy if an upgrade goes bad.

It is even easier with

It is even easier with extensions such as Backup and Migrate

Pilote pour imprimante

You wont find anything as

You wont find anything as easy to use as Wordpress. You should consider migrating. Installation is a breeze. Upgrading is point and click.


Recent experience from a casual user of both

I have tried Drupal 6, and have found that about 4 out 5 modules are broken. I am now trying Wordpress 2.8.4 (latest version, as of this post).

I am using 2.8.4 because of serious security issues with previous versions. I did a little research, seems that wp security is a huge issue. Some argue that wp is insecure by design.

One feature I liked about wp, is being able to add a plugin from the site, no need for the cli, ssh, ftp, unzipping, or loading the files in the correct directory - or so I thought. Problem is: wp often require me to hack the source the code of new a pluggin - i.e. install some small bit of PHP. I can edit the files from the site, but unless the permissions are very open, I can not save the files. And considering wp's security issues, I am not sure if I want the file permissions to be that open, so it's right back to the command line. BTW: I thought wp prided itself on the user not needing to be a developer, but I never had to hack source code with drupal.

The most frustrating thing to me, however, is that practically none of the wp plugins work, and some of the plugins break other plugins, and I am not getting much help from the wp community. I suppose the issue is largely due to 2.8.4 being so new - still.

Still, I am getting the idea that wp is not very secure, and not very robust (i.e. breaks easily). I don't want to jump to conclusions, but after trying to build a simple family site, for a about a week now, I am getting frustrated with wp.

Don't think like a Drupal user

You're doing it wrong if you're hacking source code.

Visit Ian Stewart's site or Justin Tadlock's -- both are strongly pushing the notion of "parent themes" in WordPress, and both have developed very impressive Parent Themes to work with.

But you don't have to install a parent theme or learn about child themes... the reason why I bring them up is because both sites offer a wealth of information on how to change basic WordPress behavior without touching core files at all. WordPress has a great, highly flexible API (filters and actions) that I suspect turns out to have more potential than even the original developers suspected.

In earlier versions of WordPress (been using since v. 2.0), I did have to do a lot of hacking to get the CMS capabilities I wanted. But that is no longer true at all.

With templates, a functions file for custom functions, the ability to turn off or filter various WordPress functions according to taste, and a thriving plugin community, you absolutely should not need to hack core files at all.

Learn to think a bit more like a WordPress developer, and you'll be surprised at how flexible a platform it is.

I'm sounding like a fanboy here, but I certainly have had my grievances with it in the past. It has improved tremendously over the last year, and I suspect the next year will be even better.

Yeah, I'm using a lot of plugins, and yeah, the upgrades for complex sites can still be a bit hairy. And yeah, there's a lot of very basic stuff that you wonder why isn't included in the core.

But for all that, if you've been working with something as complex as Drupal, you should be able to tweak WordPress to your heart's content... you just need to start understanding that it's a different approach (an easier one, IMO).

Also, do NOT use those stupid WordPress editing abilities to edit core files, CSS, or plugins. It's an invitation to disaster, editing files on the fly, and I don't know why WP doesn't finally just drop this "feature" (read: security hole and bad practice to begin with) that was probably great back when it was just a bunch of hacked together geekery, but is irrelevant and dangerous today.

Use an editor and FTP, just like you would for any other project.

Drupal is an absolute

Drupal is an absolute nightmare unless it meets your needs very closely and you are willing to compromise or aren't afraid of getting your hands dirty to modify things. However, if you do, then you hurt your chance of possible future upgrades. Is there any great need to upgrade? Probably not. Not unless you wanted a new feature/module that is only available in a newer version.

The other problem with Drupal is that it doesn't scale well. Not any version or fork thereof. So I would extend your "Who is Drupal" for part to also include "small sites" because it is not an "enterprise" solution or any kind of real "professional" development tool. It is merely made for people who want to read a "For Dummies" book and setup a site real quick in a weekend.

Since it's free and since it really does give you a head start on a site, it's caught the attention of many people. However, there are no shortcuts in web development. Thinking you can save a ton of time is exactly what will get you into trouble. Use Drupal to learn. Use Drupal to setup a small site, use Wordpress, Joomla, and so on. However, don't ever ever ever think that any of these CMS' are built for high traffic, complex sites full of a lot of content. It simply isn't the case no matter who you talk to. Anyone telling you that it is, does not know what they are doing with web development.

Again, this is not to say Drupal, Wordpress, Joomla, etc. can't make you a very successful site. It's just to say that you need to be extremely careful when building large sites and if you're developing something complex that will change often especially, or receive a lot of traffic...You simply should know better. If you go to grab Drupal off the shelf, you shouldn't be building the site in the first place. I fully support Drupal, Wordpress, Joomla, and so on for the everyday typical site and user. Look, it's used on this site with success. However, I do not support it for people wanting to make a quick buck thinking that they can cheat something or someone.

Not true at all

> However, don't ever ever ever think that any of these CMS' are built for high traffic, complex sites full of a lot of content. It simply isn't the case no matter who you talk to. Anyone telling you that it is, does not know what they are doing with web development.

I'm sure the developers at The Economist, The Onion, Warner Bros, MTV and Sony BMG (to name just a few) would disagree with you.

Also, the Whitehouse official

Also, the Whitehouse official website, and the BBC (just to name two very small organizations).

The numbers

Here's a chart on Drupal 6 adoption:


Not saying Drupal can't be improved, particularly for usability, but the adoption rate says to me that the software is meeting a need, and that issues such as those raised on this thread are constantly being addressed.

On contributed modules that aren't updated.... First, it's important to do some due diligence in the Drupal community before selecting contributed modules, to see which are being actively maintained by a community (and hopefully not a single developer). Second, contributed modules are just that: contributions that are freely given. If you find that getting a module updated is absolutely critical to your business model, you might consider giving back to the community and sponsoring the module.

Managing Drupal in Production Environment

So once you have hacked enough of the code to make your site working with 6.x, don't update any module (even for security updates) unless you have set aside a full day to backup your site, do the update, run tests, and revert back if or when things fail.

In other words, use some semblence of best practices when updating the software running your website. Anyone who naively drops software updates into a production environment is going to get bit by it eventually, so I don't really see how this point applies. If it's a weakness, it applies to almost all software packages in existence, including Wordpress. I've had updates to contributed modules whitescreen my WP-based blog after an update, for example. And no, I didn't do the right thing and test them on a copy. I'm just as fallible as the next guy.

And keep doing this for years...

Well, the trouble is - from 4.x to 5.x to 6.x - it took two years of repeating the update process, modules broke in strange ways, and could never update successfully - always had to roll back.
This site therefore never went to 5.x - all tries were unsuccessful. 6.x also took multiple tries, and moving away from some modules.

Now, this site is working on 6.x. 7.x will be out soon, and it will be a crap-shot as to whether an upgrade will work. For security reasons, upgrades are necessary, so it is not safe to run a old version, therefore this is a big issue.

The moral is don't use modules unless absolutely necessary, and if you do use one, prepare to accept ownership for fixing it. Without modules, Drupal is not useful, so this is a problem!

Idiotic, Idiots

OK guys,

So now that your idiotic little blog has been quoted by some ------ reporter at Slate, as a reason to trash Drupal-- evidently because he couldn't find any better source to trash Drupal-- a very quick response.

You seem like the kind of person who wants someone to give them a car, for free. Without thinking about the engineers who have to make it, and who will wish to get paid.

Drupal is provided to you *FREE*. Can I say that again? If you want support, you can purchase it in a variety of ways.

That said, you do not (really) mention which modules you have a problem with. Generally, it is not difficult for someone with a little experience to upgrade active, supported modules from 5.x to 6.x.

However, there a great deal of modules out there, written by third parties, who no longer wish to give their free time to code them further.

It is stated in advance, that these modules may not remain compatible with future releases. How much more clear can this be? If you use something provided to you for FREE, which says "no further support may be given" (for FREE), and that it may not be compatible with future versions (also FREE), then what do you have to complain about?

And how else would you like this to work? Someone has to code things. Do you expect them to do so, for free, because some owner of a little blog that they paid nothing for... is... whining?

That's about it. If you want a little platform for blogging, like WordPress or ExpressionEngine or all the others, and know the limitations (you probably don't), then go with that. If you want a highly flexible, powerful CMS "framework," with thousands of developers and a very active, knowledgeable support community, choose Drupal.

But please-- don't make random, spiteful, unsubstantiated, false allegations that come largely from ignorance.

Read the main post

All your questions are answered in the main post.
Modules that broke, reasons why 4.x to 5.x to 6.x was a major problem. Even the Mollom module - written by the author of Drupal was broken for months in production release 6.x - read the support requests! And even though broken, that version was still posted as the latest version for everyone to download, and the update module kept throwing up its red warning asking users to upgrade that module and lead them to disaster. There should be some way to immediately rollback a latest version of module if users report it breaks things - but this requires an attitude change to consider Drupal grown-up, and not just someone's hobby. The Mollom update did so many things wrong - large change in the middle of 6.x release, database change that made rollback of just the module impossible, and they did not retract the module even though multiple people reported it was utterly failing to stop spam - its main function!

Having said that - all this is fine, just make it evident on the front page of Drupal that modules for a new release take months to get updated, and try to coordinate better with module developers the timing of a release and key modules. The life cycle of release maintenance is also too small - should keep a old release alive with security patches for at least four years after the release, given that it takes up to two years to get significant number of modules to release status. The hope is that constructive criticism is something that could be used to make a good thing better - and not get nonsense useless comments from the crowd "oh it broke because you did not read the manual, it broke because the user broke it" - just exactly the attitude at the Drupal Conference that the Slate article mentioned. Read the main post and all the comments before ranting pointlessly, people.

The Mollom problem - here is the link 6.x-1.7 Not filtering after update. Multiple people reported serious issue about failing to stop a lot of spam in Jan. Four months later, in May, a patch was issued - just a patch, not a updated release.

Drupal life cycle is four years

> The life cycle of release maintenance is also too small - should keep a old release alive with security patches for at least four years after the release

But the Drupal life cycle _is_ around four years. That's one of the reasons enterprise has started using it. Regarding module incompatibility between major versions, this is a well-known feature of the system. Drupal is based around API and functionality changes between major versions with only bugfixes and security patches allowed on minor versions which mean that it is in fact very stable for each given major release. This stability is one of the reasons that many modules almost everyone uses are in contrib and not core - so they have the freedom to develop functionality within a major Drupal version.

The only reason you need to upgrade within the four year life cycle is if you want the functionality offered in the new version or from newer contrib modules. If the existing contrib modules that your business depends on haven't been ported on your preferred schedule, you have a number of options - you can upgrade it yourself if you like, you can work together with other users and the maintainer, or you can simply pay somebody.

I've done plenty of due diligence on this and no other system is offering anything close to this level of stability combined with growing functionality and the ability to make your own changes.

Link to Mollom problem?

Can you link to the specific Mollom problem you're referring to?

The Mollom Module Problem

Here it is: 6.x-1.7 Not filtering after update Multiple people reported serious issue about failing to stop a lot of spam in Jan. Four months later, in May, a patch was issued .

My first impression exactly

As a web developer I support the concept of open source. I'm a big supporter of CMS and I believe that every self respecting site should be build into a CMS. Both from a client and a developer point of view. The last few years I use dotnetnuke as CMS and now recently I get into Drupal (work related).
My first impressions:
Drupal is not a CMS. There is such a lack of features that comes with a basic installation that you simple can't get any website running efficiently on normal level without installing additional modules. To my surprise I couldn't even find a HTML-editor! This forces us to get into third party modules and patches with all the risk and misery that comes with it, dangering the stability by default. In my opinion a bunch of modules should be integrated & tested into the core.
Drupal is for single users. Don't even think about more then one admin login or you end up calling each other to feel secure enough updating a page. If you don't belong to the group of shop owners that want to update his site in the evening this is not for you.
Drupal is for developers. Because the core is just not enough only somebody with the proper knowledge and experience can build up a Drupal site. Non-coders thinking they can be a web developer in 1 night will end up with a bad product.
So far I get the conformation that my dotnetnuke choice from a few years ago wasn't so bad at all ;-)

you people should blame

you people should blame yourselfs for not reading manuals etc etc, and not a software that has a better build philosophy than assume your users are morons and do everything in the most un-optimized way just to keep them raging monkeys in the cage.. youre not a developer, why are you upgrading your site? would you risk blowing your self up upgrading your car's engine without being a car mechanic? no. point made..

That is a useless comment!

So you had nothing to point out about the facts? Incoherent, mindless comment.

On the contrary

I think a perfectly good point it made here: Drupal is a complicated piece of software that often needs experts to configure and maintain. It comes with the territory; one can build almost anything with Drupal because of the huge range of features provided by contributed modules.

"Who is Drupal suitable

"Who is Drupal suitable for?
- Those who plan to extensively customize the core Drupal, and take ownership of any module they run on their site."

If you are hacking the core that is probably most of your problem with upgrades. Drupal is built so that you can create your own overrides without ever touching the core, that way when you upgrade the core you don't overwrite your modifications and makes debugging easier if there is a problem with your custom code. That said, it's sad the amount of ignorance and inaccuracies of some of these post. They must be written by people that have never bothered to read the manual, or pick up one of the dozens of books on how to use Drupal. And as for the post on scaling issues, you have to be kidding me. Drupal is renown for it ability to scale effectively.

exactly! you created your own

exactly! you created your own problems by hacking the core rather than making a module that does whatever you want. it sounds like you guys would rather take the at-first-glance path of least resistance rather than do something in a smart, scalable ( and possibly even resell-able ) way. If you had any idea what you were doing, hacking the core would be a LAST resort after every other option failed.

but for you drupalers out there, these folks are ignorant complainers who would much rather bitch than actually help with anything.

Clueless commenter - Another

Clueless commenter - Another person who can comment but cannot read the entire post...

Who is suitable for Drupal or vice versa?

OK, at the risk of getting slapped down or snarked or whatever, I happened upon the debate while searching for a module that would allow me to put up an easy weather local link with a map of the area we cover, Pamlico County, N.C. I've used Drupal for about six months, moving from very crude attempts at using Dreamweaver and handcoding some html, with an html text always lying next to my computer. I'd used Wordpress for a few months and didn't like the snarky forums as well as some now-forgotten reasons. I'd read about Drupal on some journalism website and read a bit more, superficially. Anyway, the site went up about six months ago. I've made every mistake one can make – from completely losing the site to odd formatting things that take me days to unglue. In short Drupal is frustrating as heck for this 64-year-old print journalist, back when there was print . . . That said, it is FREE (a major factor for me) capable even in the hands of idiots (myself) of presenting a pretty passable website . . . AND, all the while, indexing and keeping tabs on all the old copy that builds up day by day at a site trying to serve as an online newspaper. In short, I don't love it, but I'm darn glad it is available. Thank all of you module developers and whatever else it takes. Can't wait for version 7 . . . and yep, I won't follow "best practices" and I'll have an hour or two of complete frustration . . . and one day I'll even learn to use Views or something to modify the pretty-darn-good weather module I already have up and running at www.pamlicotoday.com. Drop by in a year or so and you may think we've got a hot-shot web designer on the payroll! Thanks again everyone in development. Basically, in my humble view, Drupal is for anyone wanting to be realistic abut their abilities. Drupal seems to have abilities to spare.

Switch to wordpress

If you're just running a blog, switch to Word Press.

If you want to run a website with different sections and powerful dynamic features, then you're facing a learning curve no matter what tool you use (unless you're paying someone else to built it for you).

I'm sick of the implication that a piece of software is broken just because a moron in a hurry can't figure out how to use it.
If you're "hacking modules" and hacking the Drupal core left and right, quite simply, you're doing it wrong. There are ways to override and adjust almost everything in Drupal, and there is a very extensive core API that doesn't change between minor releases. If you want to use a complex system to implement a complex solution, you might have to invest some time learning and planning what you want to do before you jump in and start "hacking modules".

All one has to do is

All one has to do is experience side by side wordpress admin and drupal admin to know the difference in speed and performance. Drupal was made for programmers and heavy database consumption whereas Wordpress was made for everyday users. Drupal does it 10 times harder than Wordpress, jesus christ do I really need to know what a cck, content type, taxonomy, token, path "insert module here" ?

Wordpress "the CMS Drupal should have been"


Yes, you do need to know what a content type is.