Drupal
Drupal is a free, open-source content management system (CMS) and framework written in PHP, distributed under the GNU General Public License, and designed for building customizable websites and digital applications ranging from simple sites to complex, scalable platforms.[1][2] Originally created by Belgian developer Dries Buytaert in 2000 as a bulletin board system for his university, Drupal's first official release came in January 2001, evolving from a personal project into a collaborative open-source initiative driven by community contributions.[3][4] Its modular architecture, built on the LAMP stack (Linux, Apache, MySQL, PHP), separates content storage (via nodes in a database) from presentation and functionality, allowing extensive extensibility through over 50,000 modules and 3,000 themes that add features like user authentication, SEO optimization, and e-commerce capabilities.[2][1] Key strengths include reliable performance, enterprise-grade security with regular updates, multilingual support, and accessibility compliance, making it suitable for high-traffic environments.[1] As of November 2025, the latest stable release is Drupal 11 (version 11.2.8), which emphasizes composable architecture for headless and decoupled experiences, while Drupal 10 remains widely used with security support until late 2026.[5][6] Drupal powers approximately 1.1% of all known websites globally, with a stronger presence among top-tier sites—used by about 7.2% of the world's top 10,000 websites[7]—and is adopted by notable entities including government agencies (e.g., the U.S. federal government, City of London), media organizations (e.g., BBC, NBC), and institutions (e.g., Amnesty International, University of Oxford).[8][9][1] The platform is sustained by a vibrant community of over 1 million contributors, including developers, designers, and content creators, who collaborate through events like DrupalCon and contribute to its ongoing innovation.[1]Overview
Definition and Purpose
Drupal is a free and open-source content management platform (CMS) and framework designed for building websites, web applications, and digital experiences.[2] It enables users to create and manage online content efficiently, serving as a flexible tool for both simple personal sites and complex enterprise solutions.[10] The primary purposes of Drupal include content authoring, site building, user management, and providing scalability from small blogs to large-scale enterprise websites.[11] Its modular design allows for extensive customization through the addition or removal of features, supporting structured content creation, automated workflows, and seamless integration with external services.[11] Drupal powers approximately 336,000 websites worldwide, representing 1.1% of all known CMS-powered sites and 7.3% of the top 10,000 websites globally, as of November 2025.[8] Notable users include government and corporate entities.[1] In recent versions, Drupal has evolved to adopt an API-first approach, facilitating headless and decoupled architectures where content can be accessed and delivered across multiple front-end platforms via robust APIs.[12]Licensing and Development
Drupal is distributed under the terms of the GNU General Public License (GPL), version 2 or later, which ensures that users have the freedom to run, study, share, and modify the software without any licensing fees.[1] This open-source license applies to Drupal core as well as all contributed modules, themes, and files hosted on Drupal.org, promoting a collaborative ecosystem where derivatives must also be released under compatible open licenses.[13] The development of Drupal is led by the Drupal Association, a non-profit organization dedicated to fostering the growth of the Drupal community and maintaining key infrastructure like Drupal.org.[14] Contributions come from a global community of users and developers, with thousands of individuals and organizations actively participating through the platform's issue queues and Git repositories.[15] The governance structure includes core committers, who collectively decide on improvements to Drupal core and manage code integration into release branches, alongside initiative leads who oversee specific development areas.[16] Releases are coordinated via Git for version control and the issue queue system on Drupal.org for tracking bugs, features, and patches.[17] To maintain code quality, Drupal enforces strict contribution guidelines, including adherence to coding standards, mandatory peer review for patches, and requirements for automated testing coverage.[18] Contributors submit changes through the issue queue, where they undergo community feedback and testing before potential commitment by core maintainers.[19] The Drupal Association sustains its operations and supports development through various funding sources, including organizational memberships, corporate sponsorships, and revenue from events such as DrupalCon conferences.[20] These resources enable investments in community programs, infrastructure enhancements, and grants that bolster global participation in Drupal's evolution.[21]History
Origins and Early Development
Drupal was founded in 2000 by Dries Buytaert, a student at the University of Antwerp in Belgium, along with Hans Snijder, to address the need for a reliable internet connection and a simple communication platform among dorm residents.[3] The project began as a basic message board website, initially without a formal name, intended to facilitate sharing updates and discussions within the dormitory.[22] The name "Drupal" originated accidentally; Buytaert intended to register the domain "dorp.org" (Dutch for "village"), but a typo resulted in "drop.org," and later, drawing from the Dutch word "druppel" meaning "drop," the software was named Drupal in January 2001, pronounced "droo-puhl."[3] The initial release, Drupal 1.0, arrived on January 15, 2001, as an open-source content management system built primarily on PHP, functioning as a straightforward bulletin board system with basic features like user roles, caching mechanisms, and initial taxonomy support via the meta.module.[23] Early development progressed rapidly through versions 2.0 (March 15, 2001) and 3.0 (September 15, 2001), which introduced enhancements such as user ratings inspired by Slash, a karma/mojo system drawn from Scoop, forums, blogs, polls, database abstraction for improved portability, and a node-based content structure.[23] By version 4.0, released on June 15, 2002, Drupal had evolved to include content versioning, hierarchical taxonomy, advanced caching for performance optimization, and support for the Blogger API, marking a significant milestone in its maturation as a robust web platform.[23] As contributions from early users increased, Drupal transitioned from Buytaert's personal project to a collaborative open-source effort, with community-driven feature suggestions shaping its growth through the mid-2000s.[3] This shift was exemplified by the first DrupalCon event, held February 24-25, 2005, in Antwerp, Belgium, which brought together around 45 developers for the inaugural Developer Sprint and marked the beginning of formalized community gatherings.[24]Major Version Milestones
Drupal's major version milestones reflect a progression toward enhanced usability, modern web standards, and developer efficiency, with releases emphasizing incremental improvements in content management and site building capabilities. Since Drupal 5, the project has adopted a structured release cycle featuring major versions every two years and minor feature releases approximately every six months, alongside monthly patch releases for bug fixes and security updates.[6] Drupal 5, released on January 15, 2007, introduced a web-based installer that simplified setup for non-technical users, integrated jQuery for improved JavaScript handling, and standardized module information through .info files, enabling better dependency management and CSS aggregation for performance.[23] Drupal 6, launched on February 13, 2008, built on these foundations by adding an update manager for in-site module and core updates, enhancing theme system flexibility with improved CSS and JavaScript aggregation, and bolstering accessibility through better semantic HTML and keyboard navigation support; its security support ended on February 24, 2016.[23] Drupal 7, released on January 5, 2011, prioritized user experience with a revamped administrative interface featuring overlay windows and contextual links, an entity system that unified content handling across nodes, users, and taxonomy terms, and built-in mobile responsiveness via responsive themes like Seven; security support ended on January 5, 2025.[6][25] The release of Drupal 8 on November 19, 2015, marked a significant architectural shift, incorporating Symfony framework components for robust routing and dependency injection, introducing configuration management for environment-specific settings via YAML files, and enabling RESTful web services natively to support decoupled and headless architectures; security support concluded on November 2, 2021.[23][6] Drupal 9, issued on June 3, 2020, served as a direct, backward-compatible evolution from Drupal 8, removing deprecated code and requiring PHP 7.4 or higher to align with contemporary standards, while streamlining upgrade paths through automated tools; its security support ended on November 1, 2023.[26][6] Drupal 10, released on December 15, 2022, advanced site provisioning with enhanced recipes for automated configuration imports, introduced experimental automatic updates for core and modules, and upgraded to CKEditor 5 for richer text editing with improved accessibility and plugin extensibility; security support extends until December 9, 2026.[27][28][6] As of November 2025, Drupal 11, first released on August 2, 2024, with the current stable version at 11.2.8, refines structured content modeling with improved field layouts and reusable components, optimizes for PHP 8.3 and above for better performance and type safety, and enhances governance options like hook implementations as classes for modular extensibility.[29][5][30]Core Components
Modules and Themes
Drupal's core modules serve as built-in extensions that provide essential functionality for site management, content handling, user interactions, and system operations. These modules include key components such as the Node module for managing content entities, the User module for authentication and permissions, the Block module for layout placement, the System module for maintenance tasks, and the Views module for creating customized lists and displays of content. In Drupal 11, there are 65 core modules, enabling a modular architecture where administrators can selectively activate features without altering the core codebase.[31][32][29] Core themes define the visual presentation and user interface of Drupal sites, with two primary defaults in recent versions: Claro for administrative interfaces and Olivero for front-end user experiences. Claro offers a clean, accessible design based on the Drupal Design System, emphasizing usability in backend tasks. Olivero, introduced as the default front-end theme starting in Drupal 9.4, supports responsive layouts and modern aesthetics to enhance content display across devices. Both themes leverage the Twig templating engine for secure and flexible HTML rendering.[33][34][35][36] The lifecycle of core modules involves enabling or disabling them through the administrative interface at /admin/modules or via command-line tools like Drush, which allows efficient management with commands such asdrush en modulename for enabling and drush dis modulename for disabling. During these processes, modules can implement hooks—predefined functions like hook_form_alter—to modify behaviors, such as altering form structures before rendering, ensuring extensibility without direct code changes.
Theme development in Drupal relies on the Twig engine for creating templates that separate presentation from logic, supporting preprocessors like SASS for advanced CSS organization and compilation into efficient stylesheets. Developers can create sub-themes that inherit from base themes like Olivero or Claro, overriding specific elements such as templates or CSS while retaining core styling, which promotes maintainable customizations.[36][37][38]
Core modules and themes integrate seamlessly, with modules supplying structural and functional elements that themes render visually. For instance, the Layout Builder module enables drag-and-drop arrangement of blocks and sections, allowing site builders to construct dynamic pages whose output is styled by the active theme, such as applying responsive grids in Olivero. This synergy ensures that functional additions from modules are presented coherently without requiring custom coding for display.[39][40]
Content Management System
Drupal's content management system (CMS) revolves around flexible entities that structure and store site data. Content entities, such as nodes for pages and articles, users for profiles, and taxonomy terms for categorization, form the foundation of content handling.[41] These entities support customizable fields to accommodate diverse data types, including text, images, and media files managed through the File module.[41] Administrators define content types by bundling these entities with specific fields, enabling tailored structures like blog posts or product listings without custom coding.[42] Authoring tools in Drupal facilitate efficient content creation and maintenance. The CKEditor 5 module, integrated into core as stable since Drupal 9.5, provides a modern WYSIWYG rich text editor for formatting content directly in the browser.[43][44] Revision tracking is enabled by default for nodes, automatically saving new versions upon edits to track changes, log messages, and allow reversion to prior states.[45] Core multilingual support via the Content Translation module allows authors to create and manage translations for entities and fields, sharing the same entity ID across languages for streamlined editing.[46] Editorial workflows enhance content governance with predefined states and transitions. The Content Moderation module, available in core since Drupal 8.4, extends basic published and unpublished states to include draft for in-progress work and archived for storage, managed through role-based permissions.[47] Layout Builder serves as a visual tool for assembling pages, enabling drag-and-drop arrangement of fields, blocks, and sections directly on entity forms or displays.[48] Search functionality is powered by the core Search module, which indexes nodes, users, and taxonomy terms for keyword-based queries supporting AND/OR logic and exclusions.[49] For enhanced performance, it offers integration options with external engines like Apache Solr through contributed modules such as Search API Solr. Scalability is supported by Drupal's Cache API, featuring bins for temporary data storage, tags for invalidation, and contexts for personalized caching, reducing database queries on high-traffic sites. The administration interface centers on a unified dashboard, accessible upon login, which aggregates recent content, top tasks, and customizable widgets for quick navigation.[50] It includes dedicated sections for configuration to adjust site settings, reports for monitoring updates and security, and extend management to install core modules like those enabling content features.[50] This streamlined layout, refined in recent versions including Drupal 11, promotes efficient oversight without requiring advanced technical knowledge.[51]Localization and Accessibility
Drupal provides robust localization features to adapt its user interface and content for global audiences. The core Interface Translation module enables translation of the administrative interface and site strings using .po (portable object) files, which follow the GNU Gettext standard for handling translatable text.[52][53] These files allow contributors to translate strings offline or via the web-based interface on localize.drupal.org, supporting over 100 languages out of the box.[54] Additionally, Drupal includes built-in handling for right-to-left (RTL) languages such as Arabic and Hebrew, ensuring proper text direction, layout mirroring, and icon adjustments through language-specific configurations.[55] For more advanced multilingual capabilities, the contributed Internationalization (i18n) module extends core functionality to support translation of content, taxonomies, menus, and blocks.[56] Core modules like Content Translation and Configuration Translation provide foundational support for creating multilingual content entities, translating URLs via path prefixes (e.g., /en/ for English), and enabling domain-based language negotiation for separate sites per language (e.g., en.example.com).[57] The String Translation UI, integrated into core, offers an administrative interface for searching, editing, and importing translation strings, while Configuration Translation allows site-specific settings like block titles and view names to be localized.[52] Drupal emphasizes accessibility to ensure inclusive experiences for users with disabilities, aligning core themes with WCAG 2.2 AA guidelines.[58] Default themes such as Olivero and Claro incorporate semantic HTML5 markup, required alt text fields for images to support screen readers, full keyboard navigation without mouse dependency, and ARIA landmarks for better assistive technology compatibility.[58] These features promote perceivable, operable, understandable, and robust content, with core forms including skip links and focus indicators for efficient traversal.[59] To aid development and maintenance, Drupal includes tools like the core Configuration Translation interface for accessible setup and contributed modules such as Accessibility Toolbar, which adds an on-site toolbar for quick checks on contrast, font sizing, and link validation.[60] In Drupal 11, enhancements include improved semantic HTML output for better screen reader support and integrated contrast evaluation tools within the theme builder, further embedding accessibility into the default experience.[61][62]Extending Drupal
Contributed Modules
Contributed modules form the backbone of Drupal's extensibility, allowing users to add functionality beyond the core without custom development. As of November 2025, over 54,000 contributed modules are available on Drupal.org, each developed and maintained by the community to address specific needs such as content querying, form handling, and URL management.[63] Notable examples include Views, a query builder that enables the creation of customizable displays and lists from database content; Pathauto, which automatically generates SEO-friendly URL aliases based on node titles or patterns; and Webform, a robust tool for building complex forms to collect user-submitted data.[63] These modules are hosted in the Drupal project's repository, where they undergo community review before release. Installation of contributed modules can be accomplished through several methods, ensuring flexibility for different user expertise levels. The recommended approach for modern Drupal sites uses Composer, a dependency management tool, via the commandcomposer require drupal/[module_name], which automatically resolves and installs dependencies while adhering to semantic versioning for compatibility.[64] Alternatively, Drush, a command-line interface, allows installation with drush pm:install [module_name], ideal for scripted or server-based workflows.[64] For simpler setups, the administrative user interface at /admin/modules permits direct installation by selecting and enabling modules, though this method is less suitable for projects with complex dependencies.[64]
Best practices for adopting contributed modules emphasize security and compatibility to maintain site integrity. Before installation, conduct security reviews using tools like the Security Review module, which scans for common vulnerabilities such as SQL injection or cross-site scripting by implementing checks through classes that extend Drupal\security_review\Check.[65] Compatibility checks are crucial, particularly verifying module support for the target Drupal version; for instance, Drupal 11 mandates PHP 8.3 or higher, requiring modules to align with this and other system prerequisites like PDO and JSON extensions.[66] Administrators should prioritize modules with active maintenance, recent releases, and high adoption rates, as indicated by Drupal.org's usage statistics.
Several popular ecosystems built on contributed modules enhance Drupal for specialized use cases. The Commerce suite provides comprehensive e-commerce capabilities, including product management, shopping carts, and payment integrations, powering thousands of online stores. Paragraphs enables flexible content components by allowing reusable bundles of fields within nodes, facilitating advanced layouts without altering core entities. For decoupled architectures, the core JSON:API module—stabilized in Drupal 8.7—serves as a foundation, extended by contributed modules like Commerce API to expose e-commerce resources via RESTful endpoints compliant with the JSON:API specification.[67][68]
Ongoing maintenance of contributed modules involves monitoring for updates and security issues to ensure long-term stability. Drupal's Update Manager module provides automated notifications for available updates through the admin interface at /admin/reports/updates, alerting users to new releases that address bugs or add features.[69] Security advisories, issued by the Drupal Security Team, cover critical vulnerabilities in covered modules (those in stable status) and are accessible via Drupal.org's security portal, with automated feeds enabling proactive patching.[70] Sites should enable maintenance mode during updates to prevent disruptions, followed by running database updates via Drush or the UI.[69]