When it comes to selection of CMS for you project it's always better to have experience with each of your options to make the right decision. In this blog post I'll cover findings we've made at Technology Space Bridge working with Joomla 2.5 and Drupal 7. Hope it will make your choice easier.

First of all, if you're completely new to content management systems concept, I recommend to read an introductory post: Content Management Systems: beginner's guide.

Alright, let's start with the factors we will base our comparison on:

  1. Technical knowledge requirements. It's very important point, as this determines how well your solution will work, how much time you'll spend and how easy it would be to maintain
  2. Features availability
  3. Plugins code quality. These days, hundreds of thousands companies and individuals are creating plugins to content management systems... but how good they are?
  4. Flexibility. If today you need only particular set of features doesn't mean you won't need something else tomorrow. Let's see if we can play around plugins' features
  5. Security
  6. Updating process
  7. Documentation & Community

And what about performance? Actually I'm not covering this topic in this post as it's too difficult to do a high-level comparison. Performance depends not only on CMS's core itself, it depends on number of plugins, caching, resources aggregation and other bandwidth optimization techniques, infrastructure and hardware configuration, your own and your customers' location, etc. So, to avoid misleading information let's skip it.

Technical knowledge requirements
In terms of technical knowledge Joomla has moderate requirements. If it's a single-server installation and meant of a small to medium website you shouldn't be a developer. Installation process is easy and made through installation wizard. All needed configuration can be found on Joomla website.

You'll need basic HTML knowledge to set up some Joomla elements, everything else can be done through Joomla interface. I believe average mid-sized Joomla website can be fully set up in two-three weeks and will require another week or two to make final touches.

Drupal has higher requirements. You might not feel this on a basic website, but this changes with increased complexity. When most things shipped with Joomla "as it is", they are configurable entities in Drupal. And this requires understanding of Drupal design. One example are Drupal fields. These are configurable attributes of any content you have. For instance, Drupal article has Title and Body. You can delete Body. Then you can add a new field and call it Article Text or whatever you want. After that you can add as many other fields as you want. Fields are of various types: text, number, image, date, etc. Further, each field can be displayed with multiple widgets. Image can be a single image, image gallery, image zoom, etc. So, more sophisticated Drupal website you need, more technical knowledge and Drupal architecture understanding will be required. Basic HTML knowledge is also a prerequisite for Drupal websites.

Features availability
Things like blog, articles, login/registration functionality, content categorizing, menus and access permissions are available with Joomla core. For extended functionality you need to review Joomla Extensions directory that currently has more than 9000 extensions. They had much more, but Joomla team did a great job cleansing their repository removing extensions that frankly speaking have no right to live.

Part of Joomla extensions is free, another part is commercial and requires a payment within the range of $10-50. Please keep in mind, being commercial doesn't mean an extension becomes better then free one (except trial and full versions of the same plugin). Don't get tricked with this.

Drupal has the same concept as Joomla, except its plugins called modules not extensions. Drupal currently has 16000 of them. But this number should be seen from the different angle when compared to Joomla extensions. Basically because many Drupal modules are additions/extensions of other modules. Let's say widely used module Views that allows configurable display of your content has 42 other modules that extend View's functionality.

Good thing about Drupal is that people usually do not create modules that do the same thing. Even if such happens projects are often merged and module developers become maintainers of modules consumed theirs. With each Drupal release some good modules become part of Drupal core (great example of value community brings to a project that brings value to it).

Another strong advantage of Drupal modules in comparison to Joomla extensions is that all Drupal modules are free. This doesn't create unnecessary competition, when multiple extensions try to offer similar features for commercial benefit.

If you wish to have more details on important Drupal modules, you can review an article: Drupal 7 must-have modules.

Plugins code quality
In our experience code quality of Joomla extensions is quite low. Many extensions are made by amateurs and may contain security breaches, lots of poor code and non-English text (variable names and comments). Also, some companies/developers take over unmaintained extensions, re-brand them and try to position as a different plugin while having the same code base with small additions that sometimes even do not fit well. I think this happens because Joomla team doesn't have proper extension evaluation process. It is also not uncommon that extensions will not integrate well into Joomla core. For instance, some plugins do not implement access permissions or caching mechanisms.

In Drupal case quality is much higher, but you should always check module version. If module has "dev" version, which means it's under development, it's strongly not advisable to install this module on live site. Or you should make intensive testing to ensure module works as expected. "Alpha" modules should be treated the same way. "Beta" modules can work on production, but with caution and go through a testing cycle. "RC" modules usually are fine, just sanity testing should be enough. If non of the above mentioned, version can be considered stable.

When Drupal module problem is found, patch is released. You can install patch and get rid of the issue. Next module's version will contain successful patches, so there will be no need to apply them any more.

Flexibility is definitely not a strong side of Joomla. The reason is that Joomla extensions are just pieces of functionality and do not provide an API to be used by other extensions. So, if you have a form generator, FAQ or event management plugin you usually limited to what it offers. Not more, not less. If you want to use previously mentioned forms, FAQs or events within other extensions or even core you usually cannot (if only you don't have separate extension that allows this).

Drupal is much more advanced in this field. Many modules are released as API modules and can be used by others. To be easily used by business users API modules are usually accompanied by UI modules that provide graphic interface. This doesn't mean you need to install a module and then search for its UI. Usually, when you install module both API and UI parts become available for use, you just enable what you need.

Another great feature of Drupal design is concept of hooks. Hooks are PHP functions that are specially named to represent modules and their methods. Implementing a hook allows site owner or other module's developer to overwrite result of a method of another module. In other words, you can overwrite method X of module A by adding function named "hook_A_X" to your own module or template.php. Method signature is the same as in an original function.

Security of Joomla core is on proper level. Updates are issued frequently and potential vulnerabilities are closed quickly enough. Older Joomla versions are also supported for quite a while which are good news. The problem with security comes with 3rd party extensions. As I mentioned earlier, quality of code is quite poor, so XSS attacks, ACL bypassing, unauthorized uploads and similar flaws are not uncommon. There is no bullet-proof tactics to protect against these issues, what you should do is to try to mitigate damage done by these attacks as much as you can. Do frequent updates, backup your site, protect access to admin page with additional authentication method, review access logs / statistics for suspicious user behavior, block IPs (if necessary), monitor local and world-recognized holidays (i.e. New Year, Christmas, etc.) as this is favorite time hackers do their attacks.

Durpal core is well protected. Of course, as long as all updates are in place. Drupal modules due to higher code quality have less flaws then Joomla extensions, but have to be often updated too.

Updating process
Joomla updating process is quite straightforward. You can do that via Extension Manager. But always backup your site and update on your DEV server first. Especially when it comes to extensions (but for the core too) you need to check functionality and data integrity after update. It happened that extension menu links disappeared or got broken, some features stopped working or even data got corrupted (after update you might see database records missing). So, even though update process is simple you must be very careful. I would advise to follow these steps each time you update Joomla website:

  1. Backup development instance of Joomla. Don't forget to save your code customizations, if any!
  2. Install updates on development server
  3. Do functionality sanity testing (create/edit/publish/format etc.)
  4. Check your data (compare number of records in database, check if data is saving correctly to database table, etc.)
  5. Repeat the above steps for live website
  6. Keep backup and monitor updated extensions/core for at least a week

Drupal update process is similar to Joomla's. You can see available updates on Modules >> Update page. We rarely experience problems with Drupal core/modules updates, but it always advisable to follow the same steps mentioned above for Joomla extensions.

For both CMSs it is recommended to review "release notes" before update. Otherwise, some changes might come up as a surprise and of course when you don't expect it.

Documentation & Community
When you have questions and problems you need to have resources to look for solution in. Two most frequently used sources are:

  • official CMS documentation and forum
  • blogs and manuals maintained by community

Documentation mostly covers core (installation, configuration and further maintenance), but also has some details on security, SEO optimization, etc. with references to plugins advised for use. Each plugin usually have separate forum / help page, link to which can be found at plugin's overview page.

In terms of plugins documentation both CMSs are undeveloped. Plugins can have poor/outdated documentation or it can be absent at all. An only thing that makes difference is the fact Drupal has smaller modules that usually focus on a particular functionality. So, if module isn't documented well (or at all) it's easier to understand it then a bigger Joomla extension.

Both CMSs have forums, but they are frankly speaking difficult to use. There is no proper search and enormous number of topics makes categorization very messy. I would advise using documentation for basics: to understand concept, see checklists and review hot topics. If you're looking for more specific solutions refer to articles by people specializing in CMS of your choice.

When it comes to community, Drupal is way ahead. Drupal community is more saturated with skilled developers then Joomla's. If Joomla has a lot of dead threads where people simply were not able to find resolution, Drupal usually limited to tasks pending with module maintainers and with workaround provided. Also the fact that all Drupal modules are free makes our life easier too. This almost always grants you access to module maintainers or other developers who can help. Commercial Joomla extensions are a different story. Usually, you'll be required to have paid subscription to get proper support, often provided via forum. On other hand, free Joomla extensions are maintained fine, unless developer abandoned it.

Joomla is second most used CMS in the world. In my opinion it's most suitable for small to medium websites and is focused on easy-to-use plugins (extensions in Joomla terminology). Joomla can be installed and configured by people with very basic technical skills. Customization will require PHP, HTML, JavaScript and CSS knowledge. Quality of code and security are on proper level for Joomla core. However, Joomla extensions often do have security, integrity, functionality and performance problems. Joomla extensions have to be intensively tested on DEV server before installation or update. When issues with Joomla arise do not rely much on official documentation it is pretty poor. Average technical level of Joomla community is also quite low. Try to search for articles by people / companies specializing in Joomla.

Drupal is third most used CMS in the world. However, it is more robust and mature then more popular Joomla. Drupal has high quality standards at core and modules level. Security, flexibility and scalability are good enough for pretty much any web application. Drupal installation is as simple as Joomla's but usage learning curve is much steeper. Of course, when we are talking about more advanced sites, like eCommerce. Also Drupal is more demanding in terms of resources. If caching and other bandwidth optimization techniques are not properly implemented this might be an issue for heavy websites.

It is important to understand that there is no single CMS that can be great in every case. Each website is somehow unique. Websites are made by different people and for different people. Spend a lot of time on planning and try to get assistance from someone having vast experience within goals you are trying to reach. All the best!