DEV Community

Discussion on: Drupal is a pretty big deal 🎙

 
tux0r

Drupal is way more secure than it used to be.

Russian roulette with 526 empty bullets is more secure than with only one. :-)

I did not mean to imply that Drupal is generally bad and nobody should use it. I just thought it might be relevant that Drupal - like Joomla and WordPress - has had an awful security record over the past decade.

Lindsey Kopacz

It's probably helpful context to know that I've worked with Drupal the past 6 years. I've seen the good, the bad and the ugly. I think PHP, in general, gets a lot of bad reps because of how awful it was at one point. I'm also a front-end dev, so I hardly do PHP since now that Drupal is mostly object-oriented, I don't need to write it for basic things like templating.

But like you said "over the past decade".... the troublesome part is technology that lasts as long as PHP has will have some reallllly dark times haha. I'm really happy to see how Drupal has evolved, and the security team works SUPER hard to find bugs and release patches. The edge WordPress has is they automatically update for people (I think, I don't do WP). Drupal doesn't do that yet, and so if you don't patch something immediately because of lack of budget, your org could be screwed.

BTW I am not saying you're wrong here, and I wanted to clarify that because the internet can misconstrue things easily. Just discussing.

I really like the Drupal Community. If I were to ever leave, that is where I would miss it the most. I also work with really intelligent people, many of whom are on the security team, and they do great work.

tux0r

"The edge WordPress has is they automatically update for people (I think, I don't do WP)."

WordPress finally has automatic security updates now (which can be turned off) - but that only affects minor updates. And they won't maintain multiple versions in parallel. WordPress 4.9.x to 4.9.y will be updated (= security-fixed) automatically - but none of the plugins will. And once WordPress 5.0 has been released, 4.9 users are doomed without manually updating (which can be an annoying task for more complicated setups, like multi-site WordPresses).

Lindsey Kopacz

lol, don't get me started on Gutenberg....I have so many accessibility rants regarding that.

tux0r

Yup. I can't even right-align a thumbnail with that thing.