Wordpress has, admittedly, massive market momentum. The existing base of themes and plugins is very large. I have extensive experience developing Wordpress themes and plug-ins, often having to overcome the fundamental flaws of the Wordpress platform.

Wordpress is a powerful but fundamentally flawed code base that reflects an older generation of techniques in PHP programming. The performance is almost universally poor without extra work due to the lack of a core architecture based on caching from the ground up. Wordpress development is falling behind by not leveraging other more general PHP frameworks and implementing internal one-off code. The issues mentioned above contributes to chronic security vulnerabilities in Wordpress, this is an especially severe consideration when e-commerce or other financial operations are involved.

Drupal 8: What’s old is new again

Drupal is a venerable old platform for complex web properties. Drupal 6 and 7 shared many of the issues cited above that still plague Wordpress. However Drupal 8 is an almost complete rewrite from the ground up. The Drupal 8 platform leverages the Symfony project to provide foundational operations and components minimizing the need to reinvent the wheel.

The template engine employed in Drupal 8 is radically improved over the older versions of Drupal and other software including Wordpress. Drupal 8 employs the next generation HTML templating engine TWIG. The biggest impact is on security, with TWIG general PHP code is never mixed into the HTML template files. General purpose PHP code in templates is an opening for security vulnerabilities in many PHP based applications. The second massive advancement is decoupling the design of a web site from the underlying CMS application. The TWIG templates can be developed using the innovative Pattern Lab application to build all the templates showing static data. The real implementation of all the front end components and design can be completed even before the CMS comes into the picture. The ability to have a live mock-up that actually is the final template files before work is started in the CMS is huge for providing an authentic and testable example of the final site very early in the development process.

Finely, like the previous iterations of the platform, Drupal has incredible facilities for modeling structured content without custom PHP programming. The framework for creating complex forms is one of the most sophisticated graphical form creation tools on any platform. The Workflows framework allows for easy creation of complex publishing pipelines. The ability of Drupal 8 to run in “headless” mode opens up a wide range of new use cases for Drupal as a content management API that can be interfaced seamlessly with systems such as mobile applications and digital signage and kiosks. A comprehensive e-commerce framework has been developed that leverages all the advantages of Drupal for creating very sophisticated online retail systems.

Drupal 8 architecture was designed from the ground up to aggressively cache in as many cases as possible. Out of the box without specific performance optimizations Drupal has demonstrated a 10 to 50 times performance advantage over comparable sites built on Wordpress. And that is with far more sophisticated features to structure and display content enabled in Drupal.

Grav CMS: Light, fast and easy to maintain

Drupal is a massively capable platform but that would be overkill for a large percentage of web site projects. However many of these advantages are shared with the light and high performance CMS, Grav.

Grav CMS also leverages the Symfony framework for common web application functionality rather then duplicating effort. The TWIG template engine is used granting the same security advantages discussed above and the opportunity for rapid site design using the Pattern Lab tool.

Grav differs from both Drupal and Wordpress by being a flat-file CMS with no requirement of a database. This greatly simplifies management tasks such as backing up the site and deployment to a new server as everything is in files. Simple compression and expansion of archives is all that is needed for backup and migration operations.

Content in a Grav CMS web site is in a series of Markdown files opening up the opportunity to use any desktop or web application that generates Markdown. Simply upload the content into a Grav site and it will become accessible with minimal configuration.

In spite of functioning as almost a static HTML generator, and Grav performs almost as fast as static HTML, all the expected dynamic functionality of a CMS is there. Comprehensive content searching and user log-in capabilities are in the core Grav install. Additional plug-ins even implement complex operations like e-commerce all without a database.

The simple back-end management interface to Grav allows for very easy backup, content creation, installation and upgrading of add-on components. The administrative interface is optional if a truly minimal install is desired. A command-line tool is provided so that nearly every administrative operation can be completed through an SSH session. The management web interface would be quite familiar to users of Wordpress.


Wordpress is the most popular option for building web sites. With the network effect that is completely understandable. However, Wordpress is from an older era of web development practices and that results in a legacy of fundamental flaws that effect security and performance. The innovations of the Symfony framework and TWIG template engine address many of these issues so it is defiantly worth the effort to evaluate modern solutions outside the bounds of the Wordpress ecosystem.