WordPress has had a turbulent year. Developers and agencies are asking hard questions about their platform choices. WordPress still powers about 40% of the web, but people are looking around, and Drupal is getting attention again.
We spoke with Steve Persch, Director of Developer Relations at Pantheon, a Patchstack partner, about Drupal’s evolution, the recent launch of Drupal CMS 1.0, and why developers who dismissed Drupal years ago might want to take another look.
The Great CMS Divergence: What Happened?
Many developers remember when the CMS landscape looked very different. Around 2007-2010, WordPress, Drupal, and Joomla were locked in a much closer race for market dominance.
Steve recalls the pivotal moment that changed everything:
“At DrupalCon 2010 in San Francisco, Dries talked about Drupal hitting 1% of the web and WordPress being something like 8% of the web. He emphasized that he saw differences in the bets that WordPress and Drupal were making.”
The key difference? Drupal’s willingness to tear things down and rebuild.
“Drupal was comfortable betting on regularly reinventing itself. To move a website from Drupal 5 to Drupal 6, to Drupal 7, to eventually Drupal 8 – for professional-grade websites, you really weren’t going to use the upgrade techniques that were built into Drupal core. You were going to just build a whole new website in whatever the new version of Drupal was, and then migrate all of your content to the new website.”
This made sense during the mobile revolution – iPhone in 2007, iPad in 2010. Sites needed rebuilding anyway for touchscreens and responsive design. But as things stabilized, constantly rebuilding became a drag.
“It’s greatly slowed down the expansion of the community around that era,” Steve explains.
Enter Drupal CMS 1.0: Starting Over
After 24 years, something big happened in January 2025: Drupal CMS 1.0. The naming is confusing on purpose, and you need to understand why.
“There is still a thing called Drupal core, and there is a new way of building on top of Drupal core,” Steve clarifies. “Drupal in the last few years has added the concept of recipes.”
Understanding Drupal Recipes: Less Clicking, More Building
Recipes tackle the complexity problem that’s been Drupal’s blessing and curse.
“Drupal’s greatest strength, its greatest weakness to some degree, is its configurability. Drupal is massively configurable. You add a module, and you get so many check boxes, especially for something like search or SEO, and adding check boxes is easy. Taking check boxes away from anything is nearly impossible.”
Recipes cut through this by giving you pre-made, tested configurations:
“With recipes, we get this convention of the community deciding that this particular combination of modules and configuration is just the best way to do SEO in Drupal right now in January 2025.”
The time savings are real. Steve talked to an agency that told him:
“These recipes are taking what otherwise would be 4, or 10, or 50 hours of clicking, and they’re compressing it into just a minute of ‘apply a recipe.'”
The Power of Apply-and-Iterate
Unlike older Drupal distributions that locked you into specific setups, recipes work on existing sites:
“You can take an existing site and apply a recipe on top of it. Like for my own website, I want a better way to do YouTube embeds, but with Drupal CMS, there is now a recipe for remote videos.”
This fixes the old problem where Drupal distributions tried to please everyone and ended up pleasing no one:
“Rather than having a distribution that you install at the beginning of a project and then inherit updates forever, you can take an existing site and apply a recipe on top of it.”
AI Agents: Drupal’s Answer to Complexity
The most interesting addition to Drupal CMS might be AI agents built right into the admin. For Steve, this tackles Drupal’s biggest problem – the learning curve.
“What if you could just type the same way you do with ChatGPT, ‘can you make me the best calendar?’ The demos work, and we see it working.”
The AI sits between Drupal’s power and everyday usability:
“You don’t have to make dashboards with red buttons. Just protect people in the background. You click one button, and it’s activated.”
Steve’s not getting carried away with the hype, though:
“The demos work, it looks cool. The hype is going up, and then we’ll find like, in some ways this doesn’t yet fulfill all the promises, but then I do expect we’ll start climbing out of the trough of disillusionment.”
When Drupal Beats WordPress
Complex Data Gets Messy Fast
Steve got into Drupal because of a problem WordPress couldn’t handle cleanly:
“I went from working on a blog for a theater company, and then they wanted me to replace their older hand-coded HTML main website. It needed to be able to track and display information like every theatrical production they’ve ever done, dates of every single upcoming performance, ideally the names of all the actors, and which roles each actor played in any given performance.”
This kind of connected, relational data is where Drupal shines:
“Building up a complex data model like that is just more normalized in the Drupal world. Similar things are possible with the ACF suite and other tools inside of WordPress, but they’re more normalized in Drupal. They’ve been in Drupal core since Drupal 7, which came out in 2011.”
The Views Module Has No WordPress Equal
Drupal’s most powerful feature doesn’t really exist in WordPress:
“The Views module gives you the power to build complex queries around those data structures and display the results.”
When WordPress Wins
Steve admits WordPress has big advantages in some areas, especially publishing and team onboarding:
“The case study from Fox Media was persuasive – they chose WordPress in part because of its ubiquity. For them, the ability to onboard new employees and say ‘you know WordPress, right?’ and practically anyone in the publishing world will be able to say ‘yeah, we know WordPress’ – that use case still makes a lot of sense.”
Security: Two Different Philosophies
The security conversation shows how differently these platforms think. WordPress’s auto-update approach creates certain risks:
“So many of the WordPress vulnerabilities depend on a writeable file system, and the WordPress community does cultivate that expectation that the whole file system should be writeable.”
Drupal runs things more systematically:
“There’s a Drupal security team that oversees core and contrib. On Wednesdays (it’s always on Wednesdays), security fixes are published. Most Wednesdays, I get a series of emails saying ‘this module has a security release.'”
The security team doesn’t just handle core, they cover contributed modules too:
“The security team identifies the issue, helps identify what would be necessary to remediate the issue, and then get the fix out the door.”
For hosting companies like Pantheon, this creates chances to get ahead of problems:
“When we hear about these kinds of issues, we can put in mitigations for everybody because often these kinds of vulnerabilities run through very specific URLs that are suspicious, where a pattern can be identified.”
The Lego Philosophy: Why Developers Stick With Drupal
When asked how he’d sell Drupal to a tired WordPress developer, Steve uses a metaphor that hits home:
“People all over the tech community compare our tech work to building with Legos. I find that Drupal fulfills that feeling in a way that I don’t get with other systems. The way the modules click together, the way the fields click together, I find it viscerally enjoyable.”
This building-block approach runs through the whole architecture:
“With Drupal, you get the expectation that you install a module like Search API and then that gets extended by Search API Solr, and then that gets extended by Search API Pantheon – and these things build on one another in a way that I find just satisfying and exciting.”
The payoff is cleaner, smaller code:
“I find it satisfying that Pantheon’s Solr search module is relatively small, that our caching module is tiny because it’s leveraging the functionality that is already there in Drupal core.”
Getting Started in 2025
For developers ready to try Drupal CMS, Steve says, start hosted:
“I’d say install Drupal CMS on Pantheon. Then you don’t have to worry about the MAMP details that I had to worry about when I got started in 2007.”
For local work, he likes DDEV:
“If you enjoy local development tools, DDEV is a great Docker-based option for running things locally.”
The main thing is removing friction upfront:
“If you just want to click, click, click, Pantheon has a way to spin up a fresh instance of Drupal CMS in a few clicks.”
Where This Goes Next
Drupal CMS 1.0 is more than just another release. It’s Drupal saying, “We get it – you want the power without the pain.”
Recipes, AI agents, and modern hosting tackle the old problems that sent people running to simpler tools.
For WordPress developers, Drupal offers something mature and stable: good security practices, powerful data handling, and a fresh focus on not making developers miserable. It’s not about whether Drupal can compete with WordPress anymore; it’s about whether you want to see what modern Drupal can do.
Building complex data sites, managing client projects, or just wanting that satisfying feeling of pieces clicking together – Drupal CMS 1.0 might be worth your time.
Ready to Explore?
Get Started with Drupal CMS: Experience the power of modern Drupal with Pantheon’s managed hosting platform. Spin up a new Drupal CMS instance in minutes and see how recipes and AI agents can accelerate your development workflow. Explore Pantheon’s Drupal hosting solutions.
Secure Your Sites: Whether you choose WordPress or Drupal, comprehensive security is essential. Patchstack’s mitigation technology provides real-time protection against vulnerabilities, giving you time to update without the pressure of immediate exploitation. Learn more about Patchstack’s protection.
Curious about integrating Patchstack into your stack? Book a discovery call.
