Drupal

Drupal was originally written by Dries Buytaert as a message board for his friends to communicate in their dorms while working on his Master's degree at the University of Antwerp.{{Cite web |last=Miller |first=Ron |date=22 January 2021 |title=Drupal's journey from dorm-room project to billion-dollar exit |url=https://techcrunch.com/2021/01/22/drupals-journey-from-dorm-room-project-to-billion-dollar-exit/ |access-date=20 September 2022 |website=TechCrunch |language=en-US}}{{Cite web |last=Ruthven |first=Hunter |date=17 April 2012 |title=Dorm room to boardroom - Dries Buytaert on growing Drupal |url=https://www.growthbusiness.co.uk/dorm-room-to-boardroom-2098958/ |access-date=20 September 2022 |website=Growth Business |language=en-GB}} After graduation, Buytaert moved the site to the public internet and named it Drop.org. Between 2003 and 2008 Dries Buytaert worked towards a PhD degree at Ghent University.{{cite thesis |type=PhD |last=Buytaert |first=Dries |date=24 January 2008 |title=Profiling techniques for performance analysis and optimization of Java applications |url=https://lib.ugent.be/catalog/rug01:001253694}}

The name Drupal represents an English rendering of the Dutch word druppel, which means "drop" (as in a water droplet).{{Cite web | url=http://translation.babylon.com/Dutch/to-English/druppel/ | title=Druppel: Dutch to English Translation | work=Babylon Translation | access-date=8 April 2009 | archive-url=https://web.archive.org/web/20090413040840/http://translation.babylon.com/Dutch/to-English/druppel | archive-date=13 April 2009 | url-status=dead }} The name came from the now-defunct Drop.org, whose code slowly evolved into Drupal. Buytaert wanted to call the site "dorp" (Dutch for "village") for its community aspects, but mistyped it when checking the domain name and thought the error sounded better.{{Cite web |title=History |url=http://drupal.org/node/769 |access-date=8 April 2009 |work=drupal.org}}

Drupal became an open source project in 2001. Interest in Drupal got a significant boost in 2003 when it helped build "DeanSpace" for Howard Dean, one of the candidates in the U.S. Democratic Party's primary campaign for the 2004 U.S. presidential election. DeanSpace used open-source sharing of Drupal to support a decentralized network of approximately 50 disparate, unofficial pro-Dean websites that allowed users to communicate directly with one another as well as with the campaign.{{Cite book | title=The Definitive Guide to Drupal 7 |author=Benjamin Melançon|edition=2nd|publisher=Apress|year=2011 |isbn= 9781430231356|page=823 | url=https://books.google.com/books?id=Oqi_eei2kq8C&pg=PA823|display-authors=etal}} After Dean ended his campaign, members of his Web team continued to pursue their interest in developing a Web platform that could aid political activism by launching CivicSpace Labs in July 2004, "...the first company with full-time employees that was developing and distributing Drupal technology."{{Cite web | url=http://www.oreillynet.com/onlamp/blog/2006/05/digital_politics_an_interview.html | url-status=dead | archive-date=17 May 2006 | archive-url=https://web.archive.org/web/20060517024656/http://www.oreillynet.com/onlamp/blog/2006/05/digital_politics_an_interview.html | title=Digital Politics: An Interview With CivicSpace Founder Zack Rosen | last= Critchley | first=Spencer | work=O'Reilly Media | date=3 May 2006 | access-date=27 May 2012}} Other companies also began to specialize in Drupal development.{{Cite web | url=http://culturedigitally.org/2012/03/dean-romney-and-drupal-values-and-technological-adoption | title=Dean, Romney, and Drupal: Values and Technological Adoption | last=Kreiss | first=Daniel | work=Culture Digitally | date=5 March 2012 | access-date=27 May 2012}}Samantha M. Shapiro, [https://www.nytimes.com/2003/12/07/magazine/the-dean-connection.html "The Dean Connection"], The New York Times 7 December 2003, accessed 27 May 2012.

By 2013, the Drupal website listed hundreds of vendors that offered Drupal-related services.{{Cite web | url=http://drupal.org/drupal-services/all | title=Marketplace | work=drupal.org | access-date=18 April 2013}}

{{As of | 2014}}, Drupal is developed by a community.{{Cite web | url=http://groups.drupal.org/node/1980 | title=Growth Graphs | last=Koenig | first=Josh | work=Groups.Drupal | access-date=8 April 2009}}{{Update needed|date=October 2022}} From July 2007 to June 2008, the Drupal.org site provided more than 1.4 million downloads of Drupal software, an increase of approximately 125% from the previous year.{{Cite web | title=Drupal Download Statistics | url=http://buytaert.net/drupal-download-statistics-2008 | last=Buytaert | first=Dries|year=2008 | access-date=8 April 2009}}{{Cite web | title=Drupal Download Statistics | url=http://buytaert.net/drupal-download-statistics-2007 | last=Buytaert | first=Dries | year=2007 | access-date=8 April 2009}}

{{As of|2017|01}} more than 1,180,000 sites use Drupal.{{Cite web | url=https://drupal.org/project/usage/drupal | title=Usage statistics for Drupal core}} These include hundreds of well-known organizations,{{Cite web | url=http://buytaert.net/tag/drupal-sites?page=27 | title=Drupal Sites | work=Dries Buytaert | access-date=20 July 2010}} including corporations, media and publishing companies, governments, non-profits,{{Cite web | url=http://engineindustries.com/blog/jason/list-nonprofit-npo-ngo-websites-using-drupal | archive-url=https://web.archive.org/web/20091224162949/http://engineindustries.com/blog/jason/list-nonprofit-npo-ngo-websites-using-drupal | url-status=dead | archive-date=24 December 2009 | title=List of Nonprofit, NPO, NGO Websites Using Drupal | work=ENGINE Industries | access-date=20 July 2010 }} schools,{{Cite web |last=Critic |first=C. M. S. |date=27 February 2024 |title=Empowering Higher Ed: 4 Strategies to Transform your Drupal CMS into an Open Source DXP at Scale |url=https://cmscritic.com/empowering-higher-ed-4-strategies-to-transform-your-drupal-cms-into-an-open-source-dxp-at-scale |access-date=10 April 2025 |website=CMS Critic |language=en}} and individuals. Drupal has won several Packt Open Source CMS Awards{{Cite web | url=http://www.packtpub.com/open-source-cms-award-previous-winners | title=OSS CMS Award Previous Winners | work=Packt Publishing | access-date=8 April 2009 | archive-url=https://web.archive.org/web/20090707094004/http://www.packtpub.com/open-source-cms-award-previous-winners | archive-date=7 July 2009 | url-status=dead }} and won the Webware 100 {{clarify|date=October 2017}} three times in a row.{{Cite web | url=http://drupal.org/Drupal-2009-webware-100-winner | title=Drupal is a Webware 100 winner for the third year in a row | date=19 May 2009 |publisher=Drupal.org | access-date=31 August 2011}}{{Cite web | url=http://news.cnet.com/8301-13546_109-10237630-29.html?tag=mncol | archive-url=https://archive.today/20120710215055/http://news.cnet.com/8301-13546_109-10237630-29.html?tag=mncol | url-status=dead | archive-date=10 July 2012 | title=Cnet.com | publisher=News.cnet.com | date=19 May 2009 | access-date=31 August 2011 }}

Drupal 6 was released on 13 February 2008,{{Cite web|url=https://www.drupal.org/forum/general/news-and-announcements/2008-02-13/drupal-60-released|title=Drupal 6.0 released | Drupal.org|date=13 February 2008 }} on 5 March 2009, Buytaert announced a code freeze for Drupal 7 for 1 September 2009.{{Cite web | url=http://buytaert.net/drupal-7-code-freeze-september-1st | title=Buytaert.net| date=4 March 2009|publisher=Buytaert.net | access-date=31 August 2011}} Drupal 7 was released on 5 January 2011, with release parties in several countries.{{Cite web | url=http://buytaert.net/drupal-7-to-be-released-on-january-5th-with-one-ginormous-party | title=Drupal 7 to be released on January 5 (with one ginormous party) | date=21 December 2010 |publisher=Buytaert.net | access-date=31 August 2011}} After that, maintenance on Drupal 5 stopped, with only Drupal 7 and Drupal 6 maintained.{{Cite web | url=http://www.scoop.co.nz/stories/SC1012/S00048/xplain-hosting-drupal-7-quickstart-training-seminar.htm | title=Xplain Hosting Drupal 7 Quickstart training seminar|publisher=Scoop | date=16 December 2010}}

Drupal 7's end-of-life was scheduled for November 2021, but given the impact of COVID-19, and the continuing wide usage, the end of life was pushed back until 1 November 2023.{{cite web|url=https://www.drupal.org/psa-2022-02-23|title=Drupal 7's End-of-Life extended to November 1, 2023 - PSA-2022-02-23|date=23 February 2022 |access-date=29 March 2022}} This was extended once more as of June 2023 and was finally set for 5 January 2025.{{Cite web |date=7 June 2023 |title=End of life announcement and changes to Drupal 7 support - PSA-2023-06-07 |url=https://www.drupal.org/psa-2023-06-07 |access-date=10 January 2024 |website=Drupal.org |language=en}}

In October 2022, Drupal released an open source headless CMS accelerator, allowing the front end to be managed outside of the core system.{{Cite web |last=Fluckinger |first=Don |date=26 October 2022 |title=Acquia releases open source headless CMS accelerator |url=https://www.techtarget.com/searchcontentmanagement/news/252526460/Acquia-releases-open-source-headless-CMS-accelerator |access-date=10 November 2022 |website=TechTarget |language=en}}{{Cite web |last=MacManus |first=Richard |date=26 October 2022 |title=How Drupal Fits Into an Increasingly Headless CMS World |url=https://thenewstack.io/how-drupal-fits-into-an-increasingly-headless-cms-world/ |access-date=10 November 2022 |website=The New Stack |language=en-US}}

In the Drupal community, "core" refers to the collaboratively built codebase that can be extended through contributory modules and—for versions prior to Drupal 8—is kept outside of the "sites" folder of a Drupal installation.{{Cite web | url=http://drupal.org/node/144376 | title=Never hack core | work=drupal.org| date=16 May 2007 }} (Starting with version 8, the core is kept in its own 'core' sub-directory.) Drupal core is the stock element of Drupal. Common Drupal-specific libraries, as well as the bootstrap process, are defined as Drupal core; all other functionality is defined as Drupal modules including the system module itself.

In a Drupal website's default configuration, authors can contribute content as either registered or anonymous users (at the discretion of the administrator). This content is accessible to web visitors through a variety of selectable criteria. As of Drupal 8, Drupal has adopted some Symfony libraries into Drupal core.

Core modules also include a hierarchical taxonomy system, which lets developers categorize content or tag with keywords for easier access.{{Cite web | url=http://drupal.org/features | title=Features | work=drupal.org | access-date=8 April 2009}}

Drupal core includes modules that can be enabled by the administrator to extend the functionality of the core website.{{Cite web | url=https://www.drupal.org/docs/core-modules-and-themes | title=Documentation: Core modules and themes | work=drupal.org | date=4 November 2016 | access-date=22 January 2021}}{{Cite web | url=https://www.lnwebworks.com/Insight/5-modules-to-integrate-ecommerce-with-drupal-website | title=Documentation: Core Modules and eCommerce | work=lnwebworks.com }}

The core Drupal distribution provides a number of features, including:

{{columns-list|colwidth=22em|

• Access statistics and logging
• Advanced search
• Books, comments, and forums
• Caching, lazy-loading content (using BigPipe) and feature throttling for improved performance
• Custom content type and fields, and user interface to create, manage, and display lists of content.
• Descriptive URLs
• Multi-level menu system
• Multi-site support{{Cite web | url=https://www.drupal.org/docs/multisite-drupal | title=Documentation: Multisite Drupal | date=17 August 2016 }}
• Multi-user content creation and editing
• RSS feed and feed aggregator
• Security and new release update notification
• User profiles
• Various access control restrictions (user roles, IP addresses, email)
• Workflow tools (triggers and actions)

}}

Drupal includes core themes, which customize the "look and feel" of Drupal sites,{{Cite web |last=Buytaert |first=Dries |date=30 October 2006 |title=Garland, the new default core theme |url=http://drupal.org/node/91964 |access-date=8 April 2009 |work=drupal.org}} for example, Garland and Bartik.

The Color Module, introduced in Drupal core 5.0, allows administrators to change the color scheme of certain themes via a browser interface.{{Cite web | url=http://drupal.org/handbook/modules/color | title=Color: Allows the user to change the color scheme of certain themes | work=drupal.org | date=8 October 2007 | access-date=8 April 2009}}

At DrupalCon Portland in 2024, Dries Buytaert called for the Drupal Community to create a new, modernized Drupal experience. The project was initially called Starshot{{Cite web |last=Quinlan |first=Keely |date=10 May 2024 |title=Drupal announces 'Starshot' release for less-technical users |url=https://statescoop.com/drupal-starshot-state-government-2024/ |access-date=10 April 2025 |website=StateScoop |language=en-US}} and it was an effort to reframe how people think of Drupal. The project aims to deliver a more user-friendly and out-of-the-box version of Drupal, with a focus on ease of use, faster onboarding, and a polished default experience. In 2025, this project was launched as Drupal CMS. This represents a shift toward making Drupal more accessible to non-developers while retaining its powerful, flexible core architecture.{{Cite web |last=Dees |first=Mels |date=17 January 2025 |title=Drupal launches no-code CMS |url=https://www.techzine.eu/news/applications/127906/drupal-launches-no-code-cms/ |access-date=10 April 2025 |website=Techzine Global |language=en}}

[https://www.drupal.org/project/cms Drupal CMS ] also includes many new [Artificial Intelligence] features.{{Cite web |date=31 January 2025 |title=Drupal: Power, Flexibility, Freedom, and Now Smarter with AI |url=https://www.thedroptimes.com/interview/45813/drupal-power-flexibility-freedom-and-now-smarter-with-ai |access-date=10 April 2025 |website=www.thedroptimes.com |language=en}} Drupal is now more easily able to create an open source, no code/low code alternative.{{Cite web |date=27 June 2024 |title=Recipes, Starshot, and the future of Drupal {{!}} TheDropTimes |url=https://www.thedroptimes.com/events/40731/recipes-starshot-and-future-drupal |access-date=10 April 2025 |website=www.thedroptimes.com |language=en}}

As of September 2022, Drupal is available in 100 languages including English (the default).{{Cite web | url=https://localize.drupal.org/translate/downloads | title=Drupal core translation downloads | work=drupal.org | access-date=30 January 2017}}{{Cite web |last=Nick |first=Edward |date=7 September 2022 |title=Drupal |url=https://www.datasciencecentral.com/reasons-why-you-need-to-integrate-your-drupal-hosting-with-cloudways/ |access-date=20 September 2022 |website=Data Science Central |language=en-US}} Support is included for right-to-left languages such as Arabic, Persian, and Hebrew.{{Cite web | url=http://drupal.org/drupal-6.0 | title=Drupal 6.0 released | work=drupal.org | date=13 February 2008 | access-date=8 April 2009}}

Drupal localization is built on top of gettext, the GNU internationalization and localization (i18n) library.

Drupal can automatically notify the administrator about new versions of modules, themes, or the Drupal core. It's important to update quickly after security updates are released.

Before updating it is highly recommended to take backup of core, modules, theme, files and database. If there is any error shown after update or if the new update is not compatible with a module, then it can be quickly replaced by a backup. There are several backup modules available in Drupal.

On 15 October 2014, an SQL injection vulnerability was announced and update was released.{{cite web |url=https://www.drupal.org/SA-CORE-2014-005 |title=SA-CORE-2014-005 - Drupal core - SQL injection |newspaper=Https |date=15 October 2014 |access-date= 3 December 2014}} Two weeks later the Drupal security team released an advisory explaining that everyone should act under the assumption that any site not updated within 7 hours of the announcement was compromised by automated attacks.{{cite web |url=https://www.drupal.org/PSA-2014-003 |title=Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003 |newspaper=Https |date=29 October 2014 |access-date= 3 December 2014}} Thus, it can be extremely important to apply these updates quickly and usage of a tool like drush to make this process easier is highly recommended.

Prior to version 7, Drupal had functions that performed tasks related to databases, such as SQL query cleansing, multi-site table name prefixing, and generating proper SQL queries. In particular, Drupal 6 introduced an abstraction layer that allowed programmers to create SQL queries without writing SQL.

Drupal 9 extends the data abstraction layer so that a programmer no longer needs to write SQL queries as text strings. It uses PHP Data Objects to abstract the database. Microsoft has written a database driver for their SQL Server. Drupal 7 supports the file-based SQLite database engine, which is part of the standard PHP distribution.

With Drupal 9's new database abstraction layer, and ability to run on the Windows web server IIS, it is now easier for Windows developers to participate in the Drupal community.

A group on Drupal.org is dedicated to Windows issues.{{Cite web | url=http://groups.drupal.org/drupal-windows | title=Drupal on Windows Group | work=drupal.org | access-date=14 February 2011}}

Since the release of Drupal 7, Web accessibility has been constantly improving in the Drupal community.{{Cite web | url=http://drupal.org/about/accessibility | title=Accessibility statement | last=Killesreiter | first=Gerhard | work=drupal.org | date=25 February 2013 | access-date=16 April 2013}} Drupal is a good framework for building sites accessible to people with disabilities, because many of the best practices have been incorporated into Drupal Core.

Drupal 8 saw many improvements from the Authoring Tool Accessibility Guidelines (ATAG) 2.0 guidelines which support both an accessible authoring environment as well as support for authors to produce more accessible content.

The accessibility team is carrying on the work of identifying and resolving accessibility barriers and raising awareness within the community.

Drupal 8 has good semantic support for rich web applications through WAI-ARIA. There have been many improvements to both the visitor and administrator sides of Drupal, especially:

• Drag and drop functionality
• Improved color contrast and intensity
• Adding skip navigation to core themes
• Adding labels by default for input forms
• Fixing CSS display:none with consistent methods for hiding and exposing text on focus
• Adding support for ARIA Live Regions with Drupal.announce
• Adding a TabbingManager to support better keyboard navigation{{Cite web | url=https://www.drupal.org/docs/8/accessibility/drupal-8-accessibility-features | title=Drupal 8 Accessibility Features | date=27 May 2013 }}

The community also added an accessibility gate for core issues in Drupal 8.{{Cite web | url=http://drupal.org/core-gates#accessibility | title=Drupal core gates | last=Scholten | first=Roy | work=drupal.org | date=10 December 2012 | access-date=16 April 2013}}

Drupal core is modular, defining a system of hooks and callbacks, which are accessed internally via an API.{{Cite web | url=http://api.drupal.org/ | title=API Reference | work=drupal.org | access-date=8 April 2009}} This design allows third-party contributed modules and themes to extend or override Drupal's default behaviors without changing Drupal core's code.

Drupal isolates core files from contributed modules and themes. This increases flexibility and security and allows administrators to cleanly upgrade to new releases without overwriting their site's customizations.{{Cite web | url=http://drupal.org/node/22283 | title=File and directory management | work=drupal.org| date=7 May 2005 }} The Drupal community has the saying, "Never hack core," a strong recommendation that site developers do not change core files.

Contributed modules offer such additional or alternate features as image galleries, custom content types and content listings, WYSIWYG editors, private messaging, third-party integration tools,{{Cite web|url=https://www.specbee.com/blogs/symphony2-components-drupal-8-integration-every-drupaler-must-know-about|title=Integrating Drupal with External Systems|date=24 August 2018|publisher=specbee.com|access-date=24 August 2018}} integrating with BPM portals,{{cite web|url=https://www.srijan.net/solutions/drupal-camunda-bpm-integration | title=Drupal Camunda BPM Integration | website=Srijan Technologies }} and more. {{As of|2019|12}} the Drupal website lists more than 44,000 free modules.{{Cite web |date=18 March 2022 |title=Module project {{!}} Drupal.org |url=https://www.drupal.org/project/project_module |url-status=live |archive-url=https://web.archive.org/web/20230623133015/http://web.archive.org/screenshot/https://www.drupal.org/project/project_module |archive-date=23 June 2023 |access-date=23 June 2023 |website=www.drupal.org}}

Some of the most commonly used contributed modules include:{{Cite web | url=https://drupal.org/project/usage | title=Project usage overview | work=Drupal.org | access-date=18 August 2011}}

• Content Construction Kit (CCK): Allows site administrators to dynamically create content types by extending the database schema. "Content type" describes the kind of information. Content types include, but are not limited to, events, invitations, reviews, articles, and products. The CCK Fields API is in Drupal core in Drupal 7.{{cite web |url=http://www.psdtodrupaldeveloper.com/blog/why-upgrade-from-drupal-5-to-drupal-7 |title=DRUPAL 5 TO DRUPAL 7 |access-date=24 March 2015 |archive-url=https://web.archive.org/web/20170704050410/http://www.psdtodrupaldeveloper.com/blog/why-upgrade-from-drupal-5-to-drupal-7 |archive-date=4 July 2017 |url-status=dead }}{{Cite web | title=Field API| url=http://drupal.org/node/361849|year=2009 | access-date=8 May 2009}}
• Views: Facilitates the retrieval and presentation, through a database abstraction system, of content to site visitors. Basic views functionality has been added to core of Drupal 8.{{Cite web | title=Views in Drupal Core initiative: Status report and roadmap | date=3 September 2012 | url=https://www.drupal.org/community-initiatives/drupal-core/vdc-roadmap | access-date=4 November 2014}}
• Panels: Drag and drop layout manager that allows site administrators to visually design their site.
• Rules: Conditionally executed actions based on recurring events.
• Features: Enables the capture and management of features (entities, views, fields, configuration, etc.) into custom modules.
• Context: Allows the definition of sections of site where Drupal features can be conditionally activated
• Media: Makes photo uploading and media management easier
• Services: Provides an API for Drupal.

{{As of|2019|12}}, there are more than 2,800 free community-contributed themes.{{Cite web |date=18 March 2022 |title=Theme project {{!}} Drupal.org |url=https://www.drupal.org/project/project_theme |url-status=live |archive-url=https://archive.today/20220318195454/https://www.drupal.org/project/project_theme#selection-761.0-761.13 |archive-date=18 March 2022 |access-date=21 September 2017 |website=www.drupal.org}} Themes adapt or replace a Drupal site's default look and feel.

Drupal themes use standardized formats that may be generated by common third-party theme design engines. Many are written in the PHPTemplate engine{{Cite web | url=http://drupal.org/phptemplate | title=PHPTemplate theme engine | work=drupal.org | access-date=8 April 2009 | url-status=dead | archive-url=https://web.archive.org/web/20090308030334/http://drupal.org/phptemplate | archive-date=8 March 2009 }} or, to a lesser extent, the XTemplate engine.{{Cite web | url=http://drupal.org/node/6493 | title=XTemplate theme engine | work=drupal.org | access-date=8 April 2009 | url-status=dead | archive-url=https://web.archive.org/web/20090316205154/http://drupal.org/node/6493 | archive-date=16 March 2009 }} Some templates use hard-coded PHP. Drupal 8 and future versions of Drupal integrate the Twig templating engine.{{Cite web |last=Arghire |first=Ionut |date=29 September 2022 |title=Drupal Updates Patch Vulnerability in Twig Template Engine {{!}} SecurityWeek.Com |url=https://www.securityweek.com/drupal-updates-patch-vulnerability-twig-template-engine |access-date=11 October 2022 |website=www.securityweek.com}}

The inclusion of the PHPTemplate and XTemplate engines in Drupal addressed user concerns about flexibility and complexity.{{Cite web | url=http://drupal.org/node/15689#comment-25704 | title=How does Drupal compare to Mambo? discussion thread | work=drupal.org | date=17 January 2005 | access-date=8 April 2009}} The Drupal theming system utilizes a template engine to further separate HTML/CSS from PHP. A popular Drupal contributed module called 'Devel' provides GUI information to developers and themers about the page build.

Community-contributed themes on the Drupal website are released under a free GPL license.{{Cite web| url=http://drupal.org/project/Themes| title=Drupal themes| publisher=Drupal.org| access-date=31 August 2011| archive-date=23 August 2007| archive-url=https://web.archive.org/web/20070823232913/http://drupal.org/project/Themes| url-status=dead}}{{Cite web | url=http://drupal.org/node/14208 | title=Adding your theme to Drupal.org|publisher=Drupal.org}}

In the past, those wanting a fully customized installation of Drupal had to download a pre-tailored version separately from the official Drupal core. Today, however, a distribution defines a packaged version of Drupal that upon installation, provides a website or application built for a specific purpose.

The distributions offer the benefit of a new Drupal site without having to manually seek out and install third-party contributed modules or adjust configuration settings.{{Cite web| title=Top Drupal Distributions| url=http://www.aglobalway.com/content/top-drupal-distributions| publisher=AGLOBALWAY Consulting Services Inc.| url-status=usurped| archive-url=https://web.archive.org/web/20140413154924/http://www.aglobalway.com/content/top-drupal-distributions| archive-date=13 April 2014}} They are collections of modules, themes, and associated configuration settings that prepare Drupal for custom operation. For example, a distribution could configure Drupal as a "brochure" site rather than a news site or online store.

Drupal is based on the Presentation Abstraction Control architecture, or PAC.

The menu system acts as the Controller. It accepts input via a single source (HTTP GET and POST), routes requests to the appropriate helper functions, pulls data out of the Abstraction (nodes and, from Drupal 5 onwards, forms), and then pushes it through a filter to get a Presentation of it (the theme system).

It even has multiple, parallel PAC agents in the form of blocks that push data out to a common canvas (page.tpl.php).{{Cite web | url=http://www.garfieldtech.com/blog/mvc-vs-pac | title=MVC vs. PAC}}

Drupal.org has a large community of users and developers who provide active community support by coming up with new updates to help improve the functionality of Drupal.[https://maansoftwares.com/blog/drupal/drupal-cms-grew-overnight Drupal - CMS Grew Overnight] By MAAN Softwares, Retrieved, 8 June 2017 {{As of|2017|01}} more than 105,400 users are actively contributing. The semiannual DrupalCon conference alternates between North America, Europe and Asia.{{cite web|url=http://groups.drupal.org/node/17870|title=drupal.org discussion on DrupalCon event management|publisher=Groups.drupal.org|access-date=31 August 2011}} Attendance at DrupalCon grew from 500 at Szeged in August 2008, to over 3,700 people at Austin, Texas, in June 2014.

Smaller events, known as "Drupal Camps" or DrupalCamp, occur throughout the year all over the world.{{cite web|title=Drupal Camps and Cons|url=http://buildamodule.com/drupal-camps-calendar|access-date=25 January 2013}} The annual Florida DrupalCamp brings users together for Coding for a Cause that benefits a local nonprofit organization, as does the annual GLADCamp (Greater Los Angeles Drupal Camp) event, Coders with a Cause.

The Drupal community also organizes professional and semi-professional gatherings called meetups at numerous venues around the world.

There are over 30 national communities{{cite web|url=http://drupal.org/language-specific-communities|title=Language specific communities|publisher=Drupal.org|date=26 August 2011|access-date=31 August 2011}} around drupal.org offering language-specific support.

There are several Drupal specific forms of Media. The most popular is podcasts. DrupalEasy, TalkingDrupal and the Lullabot Podcast all have hundreds of episodes and thousands of regular listeners.

Recently, The Drop Times{{Cite web |title=Talking Drupal #384 - The Drop Times {{!}} Talking Drupal |url=https://talkingdrupal.com/384 |access-date=5 July 2024 |website=talkingdrupal.com |language=en}} has become a Drupal focused media outlet, highlighting stories of relevance to the Drupal community.

Notable Drupal users include:

• McGill University
• NBC{{Cite web |last=Fluckinger |first=Don |date=10 March 2021 |title=Acquia digital experience platform adds CX-friendly tools |url=https://www.techtarget.com/searchcustomerexperience/news/252498311/Acquia-digital-experience-platform-adds-CX-friendly-tools |access-date=6 December 2022 |website=TechTarget |language=en}}
• Taboola
• Patch
• We the People{{cite news|last1=Spencer|first1=Jamie|title=CMS Battle for Beginners: WordPress vs Joomla vs Drupal (Infographic)|url=https://makeawebsitehub.com/compare/content-management-system-cms-comparison/|access-date=17 May 2017|work=MakeAWebsiteHub.com|date=7 April 2017}}
• Oxford
• NASA{{Cite web |last=Caron |first=Bruce |title=NASA Science on Drupal Central |url=http://www.earthdata.nasa.gov/esds/competitive-programs/access/drupal-central |access-date=5 October 2022 |website=earthdata.nasa.gov |date=20 May 2015 |language=en}}
• Nokia
• European Commission
• UNICEF{{Cite web |last=Blyaert |first=Luc |date=18 October 2022 |title=Tobania trekt CM binnen met Dries Buytaert |url=https://www.computable.be/artikel/nieuws/management/7423245/5440850/tobania-trekt-cm-binnen-met-dries-buytaert.html |access-date=18 October 2022 |website=www.computable.be |language=NL}}
• Wish
• Qualcomm{{Cite web |last=Kaur Dadiala |first=Karanjeet |date=8 August 2022 |title=16 Organization Websites Built Using Drupal in 2022 |url=https://www.zyxware.com/article/16-organization-websites-built-using-drupal-in-2022 |access-date=9 October 2022 |website=Zyxware Technologies |language=en}}
• AMD (Advanced Micro Devices)
• TSMC (Taiwan Semiconductor Manufacturing Company Limited)
• Rainforest Alliance{{Cite web |date=27 May 2021 |title=Who Uses Drupal? 10 Famous Drupal Websites {{!}} Smartbees |url=https://smartbees.co/blog/who-uses-drupal-10-famous-drupal-websites |access-date=5 October 2022 |website=smartbees.co |language=en}}
• VISA
• Olympic Games
• Smithsonian Institution{{Cite web |last=Montti |first=Roger |date=22 April 2022 |title=Drupal Warns of Two Critical Vulnerabilities |url=https://www.searchenginejournal.com/drupal-warns-of-two-critical-vulnerabilities/446913/ |access-date=23 October 2022 |website=Search Engine Journal |language=en}}
• Universal Music Group
• Pfizer
• Johnson & Johnson
• Princeton University
• Columbia University

Drupal's policy is to announce the nature of each security vulnerability once the fix is released.{{Cite web | url=https://drupal.org/security-team | title=Security announcement and release process| author=Drupal| date=October 2005}}{{Cite web | url=https://drupal.org/security-team/report-issue | title=How to report a security issue| author=Drupal}}

Administrators of Drupal sites can be automatically notified of these new releases via the Update Status module (Drupal 6) or via the Update Manager (Drupal 7).{{Cite web | url=http://drupal.org/documentation/modules/update | title=Update manager (and Update status) | work=drupal.org | access-date=1 July 2011}}

Drupal maintains a security announcement mailing list, a history of all security advisories, a security team home page, and an RSS feed with the most recent security advisories.{{Cite web|url=http://drupal.org/security|title=Security advisories|work=drupal.org|access-date=28 April 2009}}{{Cite web | url=http://drupal.org/security-team | title=Drupal security team| date=October 2005|publisher=Drupal.org | access-date=31 August 2011}}{{Cite web | url=http://drupal.org/security/rss.xml | title=Drupal Security RSS feed|publisher=Drupal.org | access-date=31 August 2011}}

In mid-October 2014, Drupal issued a "highly critical" security advisory regarding an SQL injection bug in Drupal 7, also known as Drupalgeddon.{{Cite web |last=Leyden |first=John |date=3 November 2014 |title=Drupal megaflaw raises questions over CMS bods' crisis mgmt |url=https://www.theregister.com/2014/11/03/drupal_drupalgeddon_analysis/ |website=www.theregister.com}}{{cite web|url=https://www.drupal.org/SA-CORE-2014-005|title=SA-CORE-2014-005 - Drupal core - SQL injection|work=Security advisories|date=15 October 2014 |publisher=Drupal security team}}{{cite web|url=https://www.drop-guard.net/blog/drupalgeddon-panama-papers|work=Blog|publisher=Drop Guard|title=Drupalgeddon strikes back: outdated Drupal allegedly linked to "Panama Papers"|access-date=13 July 2016|archive-date=11 June 2016|archive-url=https://web.archive.org/web/20160611201911/http://www.drop-guard.net/blog/drupalgeddon-panama-papers|url-status=dead}} Downloading and installing an upgrade to Drupal 7.32 fixes the vulnerability, but does not remove any backdoor installed by hackers if the site has already been compromised.{{cite web|url=https://www.drupal.org/PSA-2014-003|title=Drupal Core—Highly Critical—Public Service Announcement—PSA-2014-003|date=29 October 2014|work=Security advisories|publisher=Drupal security team|quote=

You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors....updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn't do it, that can be a symptom that the site was compromised - some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

In late March 2018, a patch for vulnerability CVE-2018-7600, also dubbed Drupalgeddon2, was released. The underlying bug allows remote attackers without special roles or permissions to take complete control of Drupal 6, 7, and 8 sites.{{Cite web|url=https://dropsolid.com/en/blog/how-we-installed-drupal-security-patch-1300-sites-stress-free|title=How we installed a Drupal security patch on 1300 sites, stress-free!|website=Dropsolid|date=4 April 2018 |access-date=11 March 2019}}{{cite web|title=FAQ about SA-CORE-2018-002|url=https://groups.drupal.org/security/faq-2018-002|publisher=Drupal Security Team|access-date=23 April 2018}} Drupal 6 reached end-of-life on 24 February 2016, and does not get official security updates (extended support is available from two paid Long Term Services Vendors).{{Cite web|date=9 November 2015|title=Drupal 6 end-of-life announcement|url=https://www.drupal.org/forum/general/news-and-announcements/2015-11-09/drupal-6-end-of-life-announcement|access-date=1 May 2021|website=Drupal.org}} Starting early April, large scale automated attacks against vulnerable sites were observed, and on 20 April, a high level of penetration of unpatched sites was reported.{{cite news|last1=Goddin|first1=Dan|title="Drupalgeddon2" touches off arms race to mass-exploit powerful Web servers|url=https://arstechnica.com/information-technology/2018/04/drupalgeddon2-touches-off-arms-race-to-mass-exploit-powerful-web-servers/|access-date=23 April 2018|publisher=Ars Technica|date=20 April 2018}}

On 23 December 2019, Drupal patched an arbitrary file upload flaw. The file-upload flaw affects Drupal 8.8.x before 8.8.1 and 8.7.x before 8.7.11, and the vulnerability is listed as moderately critical by Drupal.{{Cite web|url=https://duo.com/decipher/drupal-patches-arbitrary-file-upload-flaw|title=Drupal Patches Arbitrary File Upload Flaw|website=Decipher|date=23 December 2019 |access-date=23 December 2019}}{{Cite web|url=https://www.drupal.org/sa-core-2019-009|title=Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009|date=18 December 2019|website=Drupal.org|access-date=23 December 2019}}

In September 2022, Drupal announced two security advisories for a severe vulnerability in Twig for users of Drupal 9.3 and 9.4.{{Cite web |last=Montti |first=Roger |date=1 October 2022 |title=Drupal Warns of Critical High Severity Vulnerability |url=https://www.searchenginejournal.com/drupal-critical-vulnerability/466647/ |access-date=11 October 2022 |website=Search Engine Journal |language=en}} That week, Drupal also announced a patch for the S3 File System to fix an access bypass issue.

In January 2023, Drupal announced software updates to resolve four vulnerabilities in Drupal core and three plugins.{{Cite web |last=Arghire |first=Ionut |date=20 January 2023 |title=Drupal Patches Vulnerabilities Leading to Information Disclosure |url=https://www.securityweek.com/drupal-patches-vulnerabilities-leading-information-disclosure |access-date=20 January 2023 |website=www.securityweek.com}}

{{Portal|Free and open-source software}}

• Backdrop CMS Drupal 2013 fork
• Comparison of web frameworks
• List of content management systems

{{Reflist|2}}

• Abbott/Jones (2016), Learning Drupal 8, England, Packt Publishing. {{ISBN|978-1-78216-875-1}}
• {{Cite book | last=Pol | first=Kristen | title=Drupal 7 Multilingual Sites|location=Birmingham, England|publisher=Packt Publishing|year=2012|isbn=978-1-84951-818-5}}
• {{Cite book | last=Mercer | first=David | title=Drupal 7|location=Birmingham, England|publisher=Packt Publishing|year=2010|isbn=978-1-84951-286-2}}
• {{Cite book | last=Travis | first=Brian | title=Pro Drupal 7 for Windows Developers|location=Berkeley|publisher=APress|year=2011|isbn=978-1-4302-3153-0}}
• {{Cite book | last=Butcher | first=Matt|author2=Larry Garfield |author3=John Wilkins |author4=Matt Farina |author5=Ken Rickard |author6=Greg Dunlap | title=Drupal 7 Module Development|location=Birmingham, England|publisher=Packt Publishing|year=2010|isbn=978-1-84951-116-2}}
• {{Cite book | last=Bhavin | first=Patel | title=Drupal 6 Panel Cookbook|location=Canada|publisher=Packt Publishing|date=Aug 2010|isbn=978-1-84951-118-6}}
• {{Cite book|last=Beighley|first=Lynn|title=Drupal for Dummies|location=New York|publisher=For Dummies|year=2009|isbn=978-0-470-55611-5}}
• {{Cite book | last=Herremans | first=D. | title=Drupal 6: Ultimate Community Site Guide|location=Switzerland|year=2009|isbn=978-2-8399-0490-2}}
• {{Cite book | last=Peacock | first=Michael | title=Selling Online with Drupal e-Commerce|location=Birmingham, England|publisher=Packt Publishing|year=2008|isbn=978-1-84719-406-0}}
• {{Cite book|last=VanDyk|first=John K.|title=Pro Drupal Development, Second Edition|location=New York|publisher=Springer Verlag/Apress|year=2008|isbn=978-1-4302-0989-8|url-access=registration|url=https://archive.org/details/prodrupaldevelop00vand}}
• {{Cite book | last=Kafer | first=Konstantin|author2=Emma Hogbin | title=Front End Drupal: Designing, Theming, Scripting|location=Jersey, USA|publisher=Prentice Hall|date=Apr 2009|isbn=978-0-13-713669-8}}

{{Commons category}}

• {{Official website}}

{{Application frameworks}}

{{Software in the Public Interest}}

{{Authority control}}

{{DEFAULTSORT:Drupal}}

Category:2000 software

Category:Blog software

Category:Cross-platform software

Category:Free content management systems

Category:Free software programmed in PHP

Category:PHP frameworks

Category:Software using the GNU General Public License

Category:Web frameworks

Category:Website management

Category:Web development software