Today entry is specially make for end of this month, Let see what professional say's.
Drupal CMS vs Joomla CMS Comparison
Here's a Drupal - Joomla shootout based on a feature matrix, lower down the page. We don't normally do this as you also need to explain the numbers, so it's not a foolproof system - it always needs the explanations. In addition you really need to compare like with like, otherwise the result can be meaningless.
Last updated: Q2 2011
PHP CMS comparison
However Drupal and Joomla are similar in many ways, so a direct comparison is much easier. Both are PHP - MySQL applications that can be used on shared hosting, and can be installed remotely. Both are in the brochure and community / news classes of CMS. Each also has at least one other area where it features strongly: Drupal for example as a multi-team teamwork CMS or a small / medium enterprise CMS, and Joomla as a multimedia publishing tool, news / magazine site, club site, or ecommerce CMS.
Best CMS for ACL
Drupal used to be far better for ACL, and also handles high page numbers better - but now Joomla has ACL, the competition has hotted up considerably. Drupal is generally a better choice for enterprise use, as it handles things like versioning better. It will also behave better when subjected to very high loads when extended.
Best CMS for ACL
Drupal used to be far better for ACL, and also handles high page numbers better - but now Joomla has ACL, the competition has hotted up considerably. Drupal is generally a better choice for enterprise use, as it handles things like versioning better. It will also behave better when subjected to very high loads when extended.
Joomla scores higher on more of the other factors however, meaning if it's a straight choice, you are probably better off with Joomla for the average website. Since most CMS actually in use have between 50 and 500 pages, both are suitable; but if you will have 10k pages on the website then it has to be Drupal.
update
The new Joomla 1.6 version with ACL has started down the long, long road of maturing into a usable CMS (a new major version upgrade that is completely different in many respects is effectively a new CMS - no plugins or templates from the last version are compatible, things work differently, and there will be many bugs to find and remove). At version 1.6.3 it is becoming more usable day by day, as the bugs are worked out and more plugins are converted to work with the new series. There are still very few templates. The 1.6 version does of course now have ACL and things are looking up. At first glance the new ACL system looks good and works well - but we have to use it more before a genuine appraisal can be given. Drupal has always had core ACL and it can be assumed to work better at this stage of play, with Joomla only just having introduced it.
Best visual CMS
One thing that needs to be flagged up because we are talking about a visual medium when discussing websites: Joomla is the best visual CMS around. Nothing can beat it in the appearance stakes, unless you go to a full-custom CMS like Umbraco or Radiant and spend a fortune on graphic art and developers. It's quicker and easier to get a great-looking site up with Joomla than with almost any other solution (in the world of full-feature CMS) - there is a choice of thousands of templates, which can be altered and customised without too much effort if you know some CSS. With a knowledge of CSS for CMS, and some gfx tools such as a colour picker and an app that can create jpeg and png artwork such as gradients and textures, you can rebuild a template to make it unique - and more easily than with any other popular template-based CMS.
Be aware, though, that this description applies in the main to the outgoing version of Joomla, v1.5, since the new 1.6 version has very few templates as yet. This is a major handicap at this point in time because one thing Joomla majors on is the visuals - and with few templates at Q2 2011, there are some drawbacks.
In contrast, Drupal templating doesn't win any prizes. The free templates available aren't great and there isn't a big choice in commercial ones. Modifying them is hard and you come up against issues like different template engines in different Drupal versions (which is the same as many CMS including J of course).
In contrast, Drupal templating doesn't win any prizes. The free templates available aren't great and there isn't a big choice in commercial ones. Modifying them is hard and you come up against issues like different template engines in different Drupal versions (which is the same as many CMS including J of course).
This statement probably needs some explanation. Drupal users are spread across v5, v6, and the fairly new v7. Most resources, including templates, are for v6. The v7 templates are neither numerous nor impressive. Joomla users are spread across v1.0, v1.5, and the new v1.6. Joomla 1.0, like Drupal 5, is now dead - although in many cases sites using them will never need to be upgraded as those sites function well and need no more development. There are some minor security issues in some cases, with these old versions, that need to be attended to by an expert, not the average webmaster.
As you can see, most resources are clearly available for Drupal 6 and Joomla 1.5, putting these versions more or less in the same boat: well supported but now inevitably on the way out, as new versions have supplanted them. Drupal 7 is slightly older than Joomla 1.6 and therefore better supported at this time (Q2 2011), but as the Joomla machine is much bigger, that situation will have changed by about Q4 2011.
Templates: the situation is quite similar for Drupal 7 and Joomla 1.6 at the moment - to be honest, not great. Drupal probably leads just now. By Q4 that will have changed and Joomla will be back in the lead.
Best CMS for ease of useThe best of all in terms of admin usability is WordPress, but of course it's a micro-cms and not a full solution. For fast, simple web publishing it's just about unbeatable but a full CMS does many other things. The easiest full-feature CMS for the end-user* (the site owner or webmaster) is Joomla - the admin usability is unbeatable. Drupal is not so good, and becomes much trickier to manage when any kind of ACL is used, as that always obfuscates things to a certain degree.
* The end-user of a CMS is the owner, not a website visitor - they just use the materials created by the CMS. It's exactly the same as a printing press: the end-user is the publisher, not a reader, as the publisher uses the tools every day and the readers just get to see the result. A reader might only ever see the result for a few seconds, but the publisher lives with the tools. Therefore CMS usability refers to admin usability, which is a completely different concept to website usability. A good or bad website for web usability (usability for visitors) can both be created by the same CMS as this is a design issue.
Most stable CMS
Drupal is the winner here because it scales well and is rock-solid under heavy load. When the server is pushed beyond its capacity, Drupal shuts off gracefully and doesn't crash. As soon as the server is back within its traffic capability, Drupal will handle all requests smoothly again. In other words, if your dedicated server can handle a maximum of 40,000 visits per day running Drupal, but some front-page exposure on a mega site gives you a big traffic spike to 60k on one day, then your server will be overloaded. This is not Drupal's fault, and it shuts off gracefully, meaning some requests are refused and receive a 'server overloaded' message. As soon as traffic goes down to within the server's capacity, the CMS accepts all requests again.Joomla can handle heavy loads of course, but does not scale as well. The description 'most stable CMS' implies the one that scales best, ie handles large numbers of plugins, high page numbers, and heavy loads best. Joomla is not as stable when heavily extended (lots of plugins).
Every CMS will slow down when heavily extended, so for max speed you keep a very close eye on the plugins. The more plugins you add, and the more complex your content (for example lots of videos, long pages of mixed content), the sooner you need to add another server. The fastest CMS has a few simple plugins and short pages of mainly text. High page number is not normally a stability issue by itself, only when combined with other factors.
Joomla isn't good at handling high page numbers due to the management controls [but this has improved in the new 1.6 version], but a Joomla site with 50,000 pages and high traffic is not in itself a problem. However if you combine this with a high content load (types of content that are not served easily and quickly) plus large numbers of plugins, the site will need servers adding more often than Drupal. And since it is easier to add 'high load' content to Joomla than to any other CMS, it follows that high-traffic Joomla sites may well have more high-load content than others.
Best CMS for high traffic
Both Drupal and Joomla handle high traffic well. There are plenty of sites of each that have over a million visits a month, which is more than 33,000 per day. This is mainly a hosting issue with these WCMS as they are both stable under heavy load when built and managed correctly. However it is true to say that there are more badly-managed Joomla sites than Drupal ones, for many reasons, including the fact that there must be at least 10 times as many Joomla sites. But when properly managed, a Joomla site will handle 3,000 visitors onsite at any one time and burn two terabytes of bandwidth a month, using multiple servers of course. It's down to the hosting and webmastering.
Load-balancing or the quality of a single-server solution are critical here. A single high-quality dedicated server of basic specification with 1GB of RAM will handle 33,000 visits a day running Joomla or Drupal. If your dedicated server will not handle this load there are two issues: the CMS is built or managed wrongly (or perhaps running as a super-extended solution), or the hosting is poor. It's not down to the CMS. For example a really well-managed single server running Drupal can handle over 100,000 visits a day - but this requires top-in-class server admin ability.
Load-balancing or the quality of a single-server solution are critical here. A single high-quality dedicated server of basic specification with 1GB of RAM will handle 33,000 visits a day running Joomla or Drupal. If your dedicated server will not handle this load there are two issues: the CMS is built or managed wrongly (or perhaps running as a super-extended solution), or the hosting is poor. It's not down to the CMS. For example a really well-managed single server running Drupal can handle over 100,000 visits a day - but this requires top-in-class server admin ability.
We've heard all sorts of excuses from hosts as to why their servers couldn't provide a good level of service (both for shared-hosting and for dediboxes) but there is only one answer: move to a better host. The cost is irrelevant, some of the worst hosts are the most expensive and have the best advertising. Vote with your feet.
One fact you will learn when you have managed many CMS sites at many hosts is that there are a lot of hosts but few who are really good at hosting high-traffic dedicated servers for CMS; and high cost is absolutely no indicator of ability. Highly loaded sites need their own server tech in any case, in addition to or even instead of the host's tech support.
One fact you will learn when you have managed many CMS sites at many hosts is that there are a lot of hosts but few who are really good at hosting high-traffic dedicated servers for CMS; and high cost is absolutely no indicator of ability. Highly loaded sites need their own server tech in any case, in addition to or even instead of the host's tech support.
Easiest CMS to learn
Joomla wins this one. It's partly down to the nice admin, and the fact that everything you need is clearly presented in the admin panel. Then there is the range of books and PDFs available, or even training courses if you need one. But mainly it's down to the fact that Joomla management is the best, and the things you most need to know how to do are easy to find and work with.Of course there are some strange bugs that will floor you at first, until you get to know the CMS - but this applies to all WCMS in any case. At least with Joomla the resources are there, so a solution is out there for those who can do the research.
Maybe it would be a good idea to remind people at this point that learning a CMS is not like taking a school course where everything you could possibly need is provided for you. You have to do the research and accumulate the resources yourself. In modern life, we expect to be given everything on a plate, and either complain bitterly or just back out if things get too tough. Learning to manage a CMS will not suit people who aren't self-starters and capable of doing the research off their own bat.
The toughest time for a learner will be the first week because all the biggest problems crop up then. Sometimes there seem to be no answers to obvious questions - for example there are no templates available or even mentioned on the central Joomla site, which to be honest is a crazy situation. But you just need to google for them, and then you'll find plenty.
Then you will get tied in a knot working out how to fix default settings that mainly apply to a blog (which would apply to about 1% of new Joomla sites) and are hard to find and remove. Later you'll need to select all except 8 pages out of 497 to apply a module to, and wonder where that control is. The answer is, it doesn't exist*, which is why Joomla isn't great with a lot of pages - some obvious management controls aren't there and the core devs can't see it because they are too close.
* This has been fixed at long last in v1.6 now, possibly due to our years of complaining :-)
The hardest time is right up front though, so if you get past that you'll be OK. And Joomla is a walk in the park compared to the other big names like Plone and eZ Publish. Drupal is a fair bit tougher than Joomla as the admin needs to take account of complex ACL and isn't arranged as well. In addition, the chaos of the central Drupal website doesn't help at all when starting out. There are some glaring issues with the Joomla site (such as no templates in the Extensions directory, and worse than that, no mention of why) - but the Drupal site is far worse in all respects. It desperately needs a real website manager as developers are among the worst people to manage usability issues - they know all the answers and cannot comprehend others' problems.
TCO Drupal vs Joomla
Total Cost of Ownership for both Drupal and Joomla is among the lowest of all mass-market CMS. This is because they are open-source PHP webapps that can be remotely installed on a shared server and have more free or cheap plugins than competitors. Support is inexpensive for Joomla, though it costs more for Drupal as it is a smaller market and aimed more at medium enterprise use. In theory there are cheaper CMS to run, such as CMS Made Simple for example, but both Joomla and Drupal are in a different class as far as functionality goes.Joomla wins out here but if you need granular ACL* and high-load with high page number stability, Drupal is the best choice. In either case, costs are a fraction of those for Plone for instance, and compared to something like Vignette the costs are minuscule, plus for some user profiles the results would be better as well.
* To be honest we don't know the full story on the new Joomla 1.6 series ACL capability. At this stage we're assuming that Drupal's is still the better, due to its long history.
Joomla vs Drupal feature matrix
Here is a short feature matrix with scores out of 5.| # | function | Drupal | Joomla |
| 1. | ACL | 4 | 3 |
| 2. | media capability | 3 | 5 |
| 3. | template factors | 2 | 5 |
| 4. | plugins | 2 | 5 |
| 5. | SEO | 4 | 5 |
| 6. | ecommerce | 2 | 4 |
| 7. | high traffic | 5 | 4 |
| 8. | stability | 5 | 3 |
| 9. | high page numbers | 4 | 3 |
| 10. | admin usability | 3 | 5 |
| 11. | icommerce viability | 5 | 5 |
| 12. | security | 5** | 5** |
| -negatives- | |||
| 13. | annoying issues | 3 | 3 |
_____________________________________________
In brief:
Drupal CMS -- best ACL, high page numbers, stability.
Not so good on templating, visuals, sysadmin usability.
Solid code, gets more plaudits from other developers than Joomla's.
SEO is good.
Joomla CMS -- best on features, media capability, repurposing, templating, visuals, admin usability, ecommerce.
The new core ACL system is not fully tested yet.
Drupal CMS -- best ACL, high page numbers, stability.
Not so good on templating, visuals, sysadmin usability.
Solid code, gets more plaudits from other developers than Joomla's.
SEO is good.
Joomla CMS -- best on features, media capability, repurposing, templating, visuals, admin usability, ecommerce.
The new core ACL system is not fully tested yet.
High page number capability has definitely improved in the new 1.6 version but Drupal still wins here.
SEO is very good, and in practice better than Drupal.
_____________________________________________
Explanation
The scores are out of 5, where 5 is the highest and best. A low score, even for negative aspects, indicates poor performance.
A score of 5 means excellent, hard to improve that area. A 4 score means good, but other WCMS do it better. A score of 1 means very poor performance.
1. ACL means group roles - choosing people out of the various registered user levels and allocating them other privileges. The most common example is the ability to see or edit a section or selected pages. Drupal is good here - Joomla used to be poor but has just taken a giant leap with their new version, finally incorporating core ACL. It looks good but is currently not fully tested. In practice this means both are suited to small / medium enterprise use, where two or more teams or departments own their own sections, or for large community use as the requirements are similar - but at this stage Drupal's ACL system is proven capable for granular (complex) set-ups whereas Joomla is just entering this field.
The scores are out of 5, where 5 is the highest and best. A low score, even for negative aspects, indicates poor performance.
A score of 5 means excellent, hard to improve that area. A 4 score means good, but other WCMS do it better. A score of 1 means very poor performance.
1. ACL means group roles - choosing people out of the various registered user levels and allocating them other privileges. The most common example is the ability to see or edit a section or selected pages. Drupal is good here - Joomla used to be poor but has just taken a giant leap with their new version, finally incorporating core ACL. It looks good but is currently not fully tested. In practice this means both are suited to small / medium enterprise use, where two or more teams or departments own their own sections, or for large community use as the requirements are similar - but at this stage Drupal's ACL system is proven capable for granular (complex) set-ups whereas Joomla is just entering this field.
Note that ACL is not automatically a good thing. If you don't need it, it needs to be invisible, because it complicates the hell out of things. Take a look at this J ACL tute and maybe you will start to understand: Joomla ACL Tutorial
2. Media capability is not Drupal's strong point. This is basically down to plugins and Drupal isn't there yet. In contrast Joomla is the king of rich media publishing, with 100 plugins just for streaming media, for example. But note: this applies to the older 1.5 version, the new v1.6 has some catch-up to do before it is anywhere near as capable. In CMS, 'capability' is down to the plugins as much as anything else - so check that J1.6 has the plugins to do what you need, before signing up. It will be another year (at Q2 2011) before it is 'fully loaded'.
3. Templating may not seem important, until you install and maintain many different types of CMS. It becomes a major issue then. Joomla can't be beaten as it probably has the best system in CMS, and also the most templates available - uncountable thousands of them. Drupal has far less and the template system is very clunky, being much harder to use. Again, though, you need to take into account the fact that J1.6 is new and therefore has few templates as yet.
4. Drupal has more plugins than it used to, but far less than Joomla. One reason for this is that there are several versions of Drupal currently in use (v5, v6, v7), and the plugins are split between all the versions - many only run on one version.
A webapp needs 2,000 before it is well-supported, and both comply here. Joomla is the king of plugins, with more than any other CMS - probably around 10,000. The vast range of free and commercial plugins has been one of the main driving forces behind Joomla. It means you can do a very large number of jobs with it, even as far as repurposing the CMS successfully - for example as a news portal, as a media site, as a membership site, as a directory site, as an ecommerce CMS, and so on.
The latest version of Joomla, 1.6, has few plugins as yet - so that's something to watch out for. The 1.5 version is fully-supported. The same problem exists for Drupal 7 but is not as acute.
5. Joomla's SEO capability is about equal to the best in CMS, though not 100% perfect - the codebase layout is still steam age, on a mix of divs and tables, although luckily this does not have a severe impact on SEO. You can place it at G. #1 with no problem at all, in the toughest company. All the plugins you need to fix CMS SEO are here. In theory Drupal is better due to the modern code layout on pure divs and CSS, but it falls down in other areas slightly - mainly due to a lack of extensions, since that governs everything in CMS. Drupal will place at #1 in the SERPs - but it's a little easier with Joomla.
6. Drupal's ecommerce support is not yet as good as Joomla's, though improving fast. This area depends on plugins and Drupal is weaker here. Joomla has an excellent choice of ecommerce plugins including a full-on ecommerce CMS version, Virtuemart. However this isn't fully developed yet since an ecommerce CMS is the most complex webapp there is. There is also the fact that since Joomla is not as well equipped to handle high page numbers as Drupal, it means that product numbers in the ecommerce backend are best limited to about 2,000 or less - 5k or 10k would be a headache.
6. Drupal's ecommerce support is not yet as good as Joomla's, though improving fast. This area depends on plugins and Drupal is weaker here. Joomla has an excellent choice of ecommerce plugins including a full-on ecommerce CMS version, Virtuemart. However this isn't fully developed yet since an ecommerce CMS is the most complex webapp there is. There is also the fact that since Joomla is not as well equipped to handle high page numbers as Drupal, it means that product numbers in the ecommerce backend are best limited to about 2,000 or less - 5k or 10k would be a headache.
However, at Q2 2011, this entire situation is extremely fluid because the new J1.6 series is not fully supported - meaning things are much more equal; and Drupal may even have the advantage at this point.
7. High traffic is one of the 3 factors in the "Does it scale?" question - the other two are high page numbers and stability (see next items). Both of these webapps handle high traffic with no problem. There are plenty of Drupal and Joomla sites with over 33k visits per day, ie over a million a month. And of course if you can go this high then depending on the load-balancing arrangements you can just keep scaling up. Drupal probably has the edge as this factor has been considered in the core code, but multi-site / load balancing is a plugin job for Joomla. However it's likely that if you try and turn any CMS, including these, into a fatboy - with lots of heavyweight extensions - then it will slow up or go unstable. Moderation is the key.
8. Stability is another scaling factor. Drupal is notably solid here. Joomla is OK but will get flaky with too many plugins, or with incompatible ones, when exposed to high loads. Because there is such a wealth of plugins for Joomla, installed with a couple of clicks in many cases, there is a temptation to overload it. Many plugins are not of the highest quality. In addition, you just cannot add plugins in any sequence, the CMS must be extended in a proven good sequence.
Note, though, that the core CMS with a few solid plugins will take very high loads with no trouble - problems are caused by mismanagement.
9. Drupal wins the high page number contest, as it will handle as many as the database will take, which is probably 50,000 on a MySQL DB, for safe operation*. Any higher and more DBs are needed. Joomla doesn't scale here at all as this is not its designed area - up to 1,000 pages is fine and up to 10k is at least possible though not pleasant. In theory of course, the page numbers are unlimited; but in practice, although Joomla will take this sort of page number, managing the CMS becomes hard. It might work for example if all pages had the same attributes - which is unlikely in a CMS.
* In normal use you would want to limit a database to 50k inodes**, maybe 100k max, and any form of instability / slowdown on a site running off a DB larger than this points to a need for multi-DB operation.
** An inode is any single item of any kind.
10. Usability counts for a lot if you are the webmaster, and admin usability can be poor for many CMS. Joomla is notably easy to use, though Drupal comes in a bit lower. It will be much easier to handle if no ACL is utilised on a site, since admin usability takes a dive whenever ACL is introduced - everything gets far more complex. 'Manageability' gets more important as page numbers and site complexity rise. Joomla wins because some critical factors here are better - for example, locating one page out of 1,000 is easier in Joomla; changing page configurations so that certain modules display on certain pages is easier in Joomla. These small details and many like them make life much easier for the webmaster. Usability is highly important (and this means usability for the site admin) - and Joomla wins.
11. Usefulness for online business, icommerce, is an important factor. Both Drupal and Joomla are firm favourites in the business world because they are of high quality, economical to use, easily supported, secure, and notably problem-free compared to other offerings. Note that a top open-source application is not a 'cheap' option - it is believed that Joomla CMS, for example, would have cost over $5 million to develop commercially. The best of these applications clearly outshine many commercial rivals, which have been developed for a tiny fraction of that investment. Another advantage is that these big OSS projects have a long history, in web terms - and that is absolutely crucial for eliminating security issues.
A new CMS may be of good quality, but until it is two years old there will be many exploits to be found. Developers cannot find these holes - the web finds them.
12. ** CMS security depends on several factors:
8. Stability is another scaling factor. Drupal is notably solid here. Joomla is OK but will get flaky with too many plugins, or with incompatible ones, when exposed to high loads. Because there is such a wealth of plugins for Joomla, installed with a couple of clicks in many cases, there is a temptation to overload it. Many plugins are not of the highest quality. In addition, you just cannot add plugins in any sequence, the CMS must be extended in a proven good sequence.
Note, though, that the core CMS with a few solid plugins will take very high loads with no trouble - problems are caused by mismanagement.
9. Drupal wins the high page number contest, as it will handle as many as the database will take, which is probably 50,000 on a MySQL DB, for safe operation*. Any higher and more DBs are needed. Joomla doesn't scale here at all as this is not its designed area - up to 1,000 pages is fine and up to 10k is at least possible though not pleasant. In theory of course, the page numbers are unlimited; but in practice, although Joomla will take this sort of page number, managing the CMS becomes hard. It might work for example if all pages had the same attributes - which is unlikely in a CMS.
* In normal use you would want to limit a database to 50k inodes**, maybe 100k max, and any form of instability / slowdown on a site running off a DB larger than this points to a need for multi-DB operation.
** An inode is any single item of any kind.
10. Usability counts for a lot if you are the webmaster, and admin usability can be poor for many CMS. Joomla is notably easy to use, though Drupal comes in a bit lower. It will be much easier to handle if no ACL is utilised on a site, since admin usability takes a dive whenever ACL is introduced - everything gets far more complex. 'Manageability' gets more important as page numbers and site complexity rise. Joomla wins because some critical factors here are better - for example, locating one page out of 1,000 is easier in Joomla; changing page configurations so that certain modules display on certain pages is easier in Joomla. These small details and many like them make life much easier for the webmaster. Usability is highly important (and this means usability for the site admin) - and Joomla wins.
11. Usefulness for online business, icommerce, is an important factor. Both Drupal and Joomla are firm favourites in the business world because they are of high quality, economical to use, easily supported, secure, and notably problem-free compared to other offerings. Note that a top open-source application is not a 'cheap' option - it is believed that Joomla CMS, for example, would have cost over $5 million to develop commercially. The best of these applications clearly outshine many commercial rivals, which have been developed for a tiny fraction of that investment. Another advantage is that these big OSS projects have a long history, in web terms - and that is absolutely crucial for eliminating security issues.
A new CMS may be of good quality, but until it is two years old there will be many exploits to be found. Developers cannot find these holes - the web finds them.
12. ** CMS security depends on several factors:
- Security of the core application
- Security of the plugins
- Quality of the hosting
- Experience of the webmaster
- Diligence of the webmaster
If any of these are deficient then the CMS may be exploited. Everyone is aware that the core app needs to be strong, and needs to be very well-supported by good developers in the team responsible for security - there are so many potential attack vectors in these applications.
People don't seem to appreciate how vulnerable poorly-coded plugins can make a CMS. Since Joomla has so many, coded by perhaps less-experienced developers, it follows that there can be issues here. Therefore you should check the security rating of any proposed plugin at the central .org site's security / plugin section.
The diligence of the host plays a crucial part - security is one of the most important things you pay them for, and the main reason why you should not entertain ideas of self-hosting a CMS. The hosts largely contribute to many CMS exploits; and if you don't understand this you should perhaps consider the case of the server we looked at last year that was running PHP3. Needless to say, it was a malware farm. The hosts were entirely responsible for this amazing state of affairs.
A webmaster is someone who is paid to ensure the site works properly, and part of the duties are to keep an eye on security. A CMS needs a webmaster, preferably an experienced one. We all learn by our mistakes - but an enterprise CMS with a novice webmaster is a disaster waiting to happen.
Both Drupal and Joomla core apps are secure by any measurement. Drupal is well-coded and solid, and Joomla has had the benefit of a long running-in period and a monster user-base (by far the largest in WCMS, with about 10 million downloads). Due to the vast numbers of Joomla livesites, it is the most heavily-attacked CMS in existence. The fact that there are so few successful exploits - which are immediately patched - under this weight of assaults, means its security is exemplary. But note the previous points: if you personally expose your CMS to exploits, by using poorly-coded plugins, the cheapest hosting, and webmastering it yourself when you know little about PHP and MySQL security - whose fault will it be if / when it is hacked?
All web applications have been exploited once or more, of course - there is no such thing as a webapp that has always been invulnerable. This applies to Apache, all Linux server OSs, Windows Server, all SQL applications, and everything else - but the key is how quickly the holes were patched and how likely it is that more will be found. With either of these two CMS the risks are low. To be more secure than this the CMS would need to run compiled code, use an obscure DB with few known exploits, and have a long background in order to have had the holes patched. There aren't many like this and you would certainly have to multiply your costs by 1,000 in order to run one.
Both are among the most secure of all CMS. However, an instance of either that is installed:
- without regard for security
- has plugins added without checking their security rating
- is not continually updated both for the core and for the plugins
- is on hosting chosen for cheapness or without regard to security
- has an inexperienced webmaster who is not conscientous
...will be insecure - without a doubt. So security is ultimately dependent on the webmaster.
The last of the first version series, Joomla 1.0.15, had all its issues resolved and was a good choice for a time, during the period when 1.5 was maturing. The next version, 1.5.1 onward, had multiple exploits during its maturation period, as you would expect in any new CMS of course - it is impossible to describe any new CMS as secure if it is less than two years old, and this includes major new versions. Now that the introductory 2-year period is over, 1.5 (and this means from 1.5.23 onward) is a safe and secure choice. Earlier versions needed fast patching every now and then. Now we have an entirely new version, which currently is at 1.6.3 - and the whole process starts over.
People don't seem to appreciate how vulnerable poorly-coded plugins can make a CMS. Since Joomla has so many, coded by perhaps less-experienced developers, it follows that there can be issues here. Therefore you should check the security rating of any proposed plugin at the central .org site's security / plugin section.
The diligence of the host plays a crucial part - security is one of the most important things you pay them for, and the main reason why you should not entertain ideas of self-hosting a CMS. The hosts largely contribute to many CMS exploits; and if you don't understand this you should perhaps consider the case of the server we looked at last year that was running PHP3. Needless to say, it was a malware farm. The hosts were entirely responsible for this amazing state of affairs.
A webmaster is someone who is paid to ensure the site works properly, and part of the duties are to keep an eye on security. A CMS needs a webmaster, preferably an experienced one. We all learn by our mistakes - but an enterprise CMS with a novice webmaster is a disaster waiting to happen.
Both Drupal and Joomla core apps are secure by any measurement. Drupal is well-coded and solid, and Joomla has had the benefit of a long running-in period and a monster user-base (by far the largest in WCMS, with about 10 million downloads). Due to the vast numbers of Joomla livesites, it is the most heavily-attacked CMS in existence. The fact that there are so few successful exploits - which are immediately patched - under this weight of assaults, means its security is exemplary. But note the previous points: if you personally expose your CMS to exploits, by using poorly-coded plugins, the cheapest hosting, and webmastering it yourself when you know little about PHP and MySQL security - whose fault will it be if / when it is hacked?
All web applications have been exploited once or more, of course - there is no such thing as a webapp that has always been invulnerable. This applies to Apache, all Linux server OSs, Windows Server, all SQL applications, and everything else - but the key is how quickly the holes were patched and how likely it is that more will be found. With either of these two CMS the risks are low. To be more secure than this the CMS would need to run compiled code, use an obscure DB with few known exploits, and have a long background in order to have had the holes patched. There aren't many like this and you would certainly have to multiply your costs by 1,000 in order to run one.
Both are among the most secure of all CMS. However, an instance of either that is installed:
- without regard for security
- has plugins added without checking their security rating
- is not continually updated both for the core and for the plugins
- is on hosting chosen for cheapness or without regard to security
- has an inexperienced webmaster who is not conscientous
...will be insecure - without a doubt. So security is ultimately dependent on the webmaster.
The last of the first version series, Joomla 1.0.15, had all its issues resolved and was a good choice for a time, during the period when 1.5 was maturing. The next version, 1.5.1 onward, had multiple exploits during its maturation period, as you would expect in any new CMS of course - it is impossible to describe any new CMS as secure if it is less than two years old, and this includes major new versions. Now that the introductory 2-year period is over, 1.5 (and this means from 1.5.23 onward) is a safe and secure choice. Earlier versions needed fast patching every now and then. Now we have an entirely new version, which currently is at 1.6.3 - and the whole process starts over.
If running the new version, you MUST subscribe to the security email bulletins and check the situation daily, patching as required - currently to 1.6.3. If patched it is not vulnerable until the next exploit is found and publicised - at which point you need the next patch. Security is dependent on the webmaster - if the CMS is not patched it is exploitable. If you have a new Joomla version that is not upgraded to 1.6.3 then it can be hacked(as is the case for Drupal 7 of course: you need to be at 7.0 from 2011-01-5 now).
13. Both have their share of issues - there is no such thing as a webapp that doesn't. You can live with the problems these have, though. Both have version issues at present: Drupal is split between the 5, 6 and 7 series, as is Joomla between the 1.0, 1.5 and 1.6 series. In both cases the later, current series does not have full support, ie by plugin authors or users, though D7 is ahead of J1.6. The earlier versions of both are finally redundant now, though. The fully-supported versions are J 1.5 and D 6.
The last version of the older Joomla 1.0 series, J1.0.15 has the distinction of being the most fully-sorted CMS there is, so that many users are happy to stay with that version for the time being. In fact there is a good case for stating that mature Joomla 1.0.15 sites with no need for additional functionality might never need to be patched or upgraded.
These are all common issues in CMS. Apart from that, there are minor bugs, but nothing that could be called a deal-breaker.
[update - Q1 2010]
Drupal 6 now has all the most useful plugins updated (CCK for example) and is a better choice than Drupal 5.
Joomla 1.5 is still being exploited regularly, though much less often than before, so patches need to be applied immediately they come out. Also - finally - the plugins have at last equalled and overtaken those for the 1.0 series. It took over 2 years for this to happen and is a big relief.
[update - Q1 2011]
Drupal 6 is the version to run with, now. D7 is too new as yet.
Joomla 1.5.22 is the version to use now. J 1.6 has little support as yet. Great things are expected of it as it finally includes core ACL.
Joomla 1.5.22 is the version to use now. J 1.6 has little support as yet. Great things are expected of it as it finally includes core ACL.
[update - Q2 2011]
D7 is now the one to go with.
J1.6.3 is looking good, but with few templates and plugins as yet.
J1.6.3 is looking good, but with few templates and plugins as yet.
J1.5.23 is the last version of the old series and still a solid choice if you must have a full range of plugins to accomplish your tasks.
Quality Score
One item we didn't include is a quality score. That's because to some extent this is subjective and it is tough to explain why one app scores higher or lower than another. We would rate quality as a total of all the factors listed, plus standards compliance in all areas, plus generated web page code quality, plus the code quality of the application. Both of these web content management systems are of high quality and probably rate a 4 out of 5.
Neither rates a 5 because there are areas that could be improved. Developers who work with both have clearly stated that each has areas in their application code that could be improved; web page code quality has room for improvement; and standards-compliance is not absolutely perfect. In practice there are very few WCMS indeed that could beat either in a quality score, but that makes no difference to the fact they are not perfect.
One item we didn't include is a quality score. That's because to some extent this is subjective and it is tough to explain why one app scores higher or lower than another. We would rate quality as a total of all the factors listed, plus standards compliance in all areas, plus generated web page code quality, plus the code quality of the application. Both of these web content management systems are of high quality and probably rate a 4 out of 5.
Neither rates a 5 because there are areas that could be improved. Developers who work with both have clearly stated that each has areas in their application code that could be improved; web page code quality has room for improvement; and standards-compliance is not absolutely perfect. In practice there are very few WCMS indeed that could beat either in a quality score, but that makes no difference to the fact they are not perfect.
As an example, you can build a CMS using either of these to AAA (Level 3) accessibility level, and this in itself is an indicator of the highest quality. Many, if not most, commercial CMS could not achieve this as their quality is too poor. You can see this easily if you check the index page of their central sites at the W3C code validator - the main page of a CMS's developers should not have 30 or 40 code errors, demonstrating both a lack of skill and a lack of appreciation of quality issues. This however seems to be situation:normal for many out there.
Best CMS with ACL
A common question is "What is the best CMS with ACL?".
In the world of content management systems there is no 'best', as the user requirements are what makes any given CMS a good fit. As an obvious example, the 'best' at any job might be one with a price tag of $50,000. Would you still be interested? Or if the 'best' one is open-source but needs a dedicated server with a special compiled routine to implement it (meaning that you would have to have physical access to the server, and be an experienced Linux server tech) - would that suit you? Possibly not.
So 'best CMS with ACL' is yet another of these impossible questions to answer.
However - if you require an open-source application, for use on a standard shared server, easily installed remotely, with enough plugins to do many jobs, with low running costs (depending on your requirements), and with very good community resources - then Drupal would be your #1 choice. eZpublish and Plone are the next candidates, cost-wise, but do not accord with several of those conditions.
But Joomla has entered the fray now, and it rarely does anything badly. With core ACL now available, you can do many jobs with it that previously needed Drupal. It's probably true to say that for fully granular ACL, Drupal will prove better, but for all normal ACL tasks - one person or group to be able to edit one page or category, for example - then Joomla is now a contender. That changes the game considerably, as you can now specify it where before Drupal was the best choice, since the Joomla ACL plugins were never 100% smooth.
So 'best CMS with ACL' is yet another of these impossible questions to answer.
However - if you require an open-source application, for use on a standard shared server, easily installed remotely, with enough plugins to do many jobs, with low running costs (depending on your requirements), and with very good community resources - then Drupal would be your #1 choice. eZpublish and Plone are the next candidates, cost-wise, but do not accord with several of those conditions.
But Joomla has entered the fray now, and it rarely does anything badly. With core ACL now available, you can do many jobs with it that previously needed Drupal. It's probably true to say that for fully granular ACL, Drupal will prove better, but for all normal ACL tasks - one person or group to be able to edit one page or category, for example - then Joomla is now a contender. That changes the game considerably, as you can now specify it where before Drupal was the best choice, since the Joomla ACL plugins were never 100% smooth.
Best CMS for ROI
This is one of the few 'Best...?' questions in CMS that is easy to answer. The clear winner, whatever way you look at it, is Joomla. Costs are very low, due to the immense user base (10 million downloads), and benefits are superb, however you want to measure them. Adding these together, combined with the ease of operation and low cost of ownership, means the Return On Investment is unbeatable. Joomla has the lowest TCO and the best ROI.Drupal is a valid competitor because of the PHP - MySQL base, which is the least costly in CMS to own. In addition the plugins are of a similar cost, eg free or low-cost. However Drupal webmastering costs more as it is a more complex application.
In the end Joomla's ROI is better, partly because of this. However, costs for either are spectacularly low compared to benefits and potential results, and compared with other CMS.
Drupal and Joomla clever bits
There are one or two things these CMS do really well, maybe minor points perhaps, but they add to the value.Drupal -
Rock-solid stability, and the graceful shutdown - if you experience a DDOS or a load spike of 5,000 visitors online, the CMS just shuts down gracefully with a "Drupal has experienced an operational error" message or similar - no 500 crashes, server offline etc.
The built-in SEF URLs of any shape or wording you want.
The comments system on articles, which if you enable it, is superb (and very well protected against spam by Mollom).
Joomla -
The excellent admin backend, so easy to use even compared to micro-CMS examples, and an order of magnitude better than some competitors.
The fabulous templating, which makes even beginners' efforts look good if they buy the right template.
The capable plugins, like Kunena forum, and the sh404SEF URL / meta / security plugin that controls so many things perfectly.
Joomla and Drupal bugs
All webapps have them so there's no point in pretending they don't exist.
Drupal -
The hard-work templating.
The tricky module to page allocation system.
The lack of a core method to locate pages easily in admin.
The crude frontend-based admin system.
The very poor native forum [because a core forum option is available, people may assume it is a good idea to use it - bad mistake].
Drupal -
The hard-work templating.
The tricky module to page allocation system.
The lack of a core method to locate pages easily in admin.
The crude frontend-based admin system.
The very poor native forum [because a core forum option is available, people may assume it is a good idea to use it - bad mistake].
Joomla -
The frontpage / ItemID issue [we don't yet know if this has been fixed in the new 1.6 series].
The frontpage / ItemID issue [we don't yet know if this has been fixed in the new 1.6 series].
The poor scaling, due to module / menu issues with high page numbers.
The obsolete pagecode layout that still includes tables.
Security and stability issues with some plugins.
The obsolete pagecode layout that still includes tables.
Security and stability issues with some plugins.
Conclusion
Drupal used to be the right choice if the publishing task involves ACL, ie different groups, but this has changed as Joomla now has this feature. At present we have to assume that Drupal will still have a superior granular ACL capability as that seems a reasonable stance until more testing is done. It is still the best choice when high page numbers are anticipated because of its stability - but the truth is, both of these CMS need better management of page attributes when a high page count is involved.
Drupal used to be the right choice if the publishing task involves ACL, ie different groups, but this has changed as Joomla now has this feature. At present we have to assume that Drupal will still have a superior granular ACL capability as that seems a reasonable stance until more testing is done. It is still the best choice when high page numbers are anticipated because of its stability - but the truth is, both of these CMS need better management of page attributes when a high page count is involved.
Drupal is going to be a better choice for medium / large enterprise use because the requirements in this area (versioning etc) are core functions, and do not exist in the J core.
Joomla is the best rich media publishing tool in existence, so it's the right choice when you need top-class visuals, multimedia capability, excellent templates from stock, good ecommerce support, and certainly for easier management by a less experienced team. However it has to be said that the new J1.6 version has poor support at present (Q2 2011) e.g. templates and plugins, so you will need to be sure that your particular task can be accomplished with the current level of support.
Joomla is the best rich media publishing tool in existence, so it's the right choice when you need top-class visuals, multimedia capability, excellent templates from stock, good ecommerce support, and certainly for easier management by a less experienced team. However it has to be said that the new J1.6 version has poor support at present (Q2 2011) e.g. templates and plugins, so you will need to be sure that your particular task can be accomplished with the current level of support.
Intrinsic quality is excellent for both - each can easily beat many (perhaps even most) commercial offerings in the quality stakes, as is easily checked by looking at the page source code, validation results, and accessibility scores. You can build a CMS to AAA accessibility for example, which is a quality level that is simply out of reach for the majority of commercial software.
P/s : i do not own this article . it's a mere copy from real site (Click Here )
No comments:
Post a Comment