CATEGORIES
- NYC COVERAGE
- WEB STARTUPS
- WEB NEWS
- CONFERENCES
- WEB TECH JOBS
- VENTURE CAPITAL
- MICROSOFT
- INTERVIEWS
- ADVERTISING
- VIDEO
- ALL TOPICS
- ALL COMPANIES
CONTRIBUTORS
- ADRIAN CHAN
- ALICIA NAVARRO
- ALLEN STERN
- CORSIN CAMICHEL
- DRAMA 2.0
- DARREN HERMAN
- HANK WILLIAMS
- MARK DAVIS
- RICK TUROCZY
- SANFORD DICKERT
- SHANNON CLARK
- Comment on YouTube Down by DVS01
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by Satoshi Nakajima
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by OMG Stop the Web! Twitter is gonna run ads ? and Scoble says you?ll love it
- Comment on What?s Up With Yahoo Mail Delivery? by MJ
Drupal to Wordpress: The Good, The Bad and the Exploited
Since CenterNetworks relaunched in late 2006, we’ve used Drupal as our content management system. I’ve been a fan of Drupal (along with a variety of other CMS systems) and selected it because I wanted a system that could expand past a simple blog. Last week, I switched CenterNetworks to utilize the Wordpress CMS and I’d like to share some of my thoughts regarding the change.
I’d like to first thank several people who have helped tremendously in the conversion and post-conversion efforts. They include Terry Smith, Zach and Rob La Gesse from Mosso, Matt Cutts from Google and Mark Jaquith. Each of them went way above-and-beyond to help me and I very much appreciate their effort.
When Matt Mullenweg provided a demo of Wordpress 2.7 last year in NYC, I immediately fell in love with the administration control panel. The admin panel has been one of my biggest frustrations with Drupal. The Drupal admin feels like it was developed by a developer while the Wordpress admin feels like it was developed by an end-user. With thousands of posts, it was just difficult to manage. We have a variety of excellent contributors and I’d love to be able to let them post their own stories but never was able to get it working in Drupal. Actually I could have easily created an account for each contributor but the usability was at a point that I feared that their stories might never get posted correctly.
The other two major factors that influenced my decision were that the admin can handle timed postings and auto-save. I can’t tell you how many posts I’ve lost over the last two years because I accidentally clicked something and lost the entire post. And many of you know how I feel about broken embargoes so it would be great to actually have timed posting that I can trust.
In terms of theming and front-end capabilities, I’d say that Drupal and Wordpress are basically even. Both have amazing user communities and support channels. It seems like it’s easier to install plugins in Wordpress while Drupal is more extendable in terms of functionality. I do believe that Wordpress is no longer just a blog platform, but a CMS just like Joomla, Drupal, etc.
As my startup continues to grow, the final decision was based around the administration control panel. If I could cut out even just a few minutes out of writing and processing each blog post, it could add up to a chunk of additional time I can devote to my startup. So the decision was made — I will move CenterNetworks to Wordpress. I still plan to support the Drupal community as much as I can and will consider using it for future projects.
I used InsideTransit as my testing ground and moved that from Drupal to Wordpress as well. I will post all of the technical details of the conversion later this week on HTMLCenter. After about 100 (no kidding) revisions of the SQL queries and a lot of help from Terry, we got the conversion done and live.
That’s when the fun started. And by fun, I mean URL hell. You see, it appears that over 1,000 URLs broke because of the structure that Drupal uses for URLs. So one-by-one I had to fix each one – I’ve spent over 48 hours and they still aren’t done – but I am close. What’s interesting is that Google is so fast to index content that as quickly as I fix each broken link, Google was indexing the new link (which was also broken). So close I ordered a celebratory pizza in anticipation for tomorrow.
I thought that once I fix the URLs, my fun would be over and I could get back to writing content and programming on my startup. Again, I was wrong. As I was cleaning up the URLs, I noticed the site template was off in layout. Took a look at the source and hello spam URLs. It’s a good thing I don’t drink :)
I don’t want to share the details of the exploits until I hear back from some of the parties who are investigating the matter. If you’d like the details, send me an email and I will share the details. All of the people I listed above have just been amazing with helping me get the exploit removed and working to get the Google warnings removed. I plan to thank them in the best way I know how — which is to send them NYC transit merchandise. The last piece is to confirm that the Google warnings have been removed.
I will also post later this week my thoughts about Mosso/Rackspace – for now let’s say that they have very good customer service.
So with that, we are now on Wordpress and I think the site should look/act/function the same as before. Replies to comments seems to not be working properly so I’ve turned it off for now. I think the site loads faster than before – give it a try and leave your thoughts in the comments. There is currently no job board on the site – I am working to get one installed and will post an announcement once the job board is live.
Lastly I’d like to apologize for the lack of content around here the last two weeks or so. Now that all of the backend work is done, we can get back to writing content that makes you think. I have a few posts in the hopper this week that will certainly make you think. I appreciate your patience during this transition. Please leave your thoughts and/or any bugs in the comments.
Great story recap – glad it all has worked out for you.
It is interesting to see Wordpress grow from a blogging platform to a CMS. I think in the next couple of years Wordpress will continue to become a full blown CMS.
I’ve been using WordPress since I started blogging in early 2007, and I haven’t looked back. Amazing CMS.
Great to hear you made the transfer.
You are very privileged to have such a great team helping you.
The only thing I could find is the footer:
Cheers and good luck.
There’s a simple work-around to dealing with the URL changes. Wordpress let’s you define custom permalink formats. Simply make it /node/%id so it matches Drupal’s urls. That’s what I did when I converted macmegasite to wordpress.
Developing/extending for both WordPress/Drupal, I can say that your comments about Drupal being a developer-friendly CMS and WordPress being a more user-friendly blogging platform are right on.
Drupal is a very polished and consistent CMS with blogging capabilities. WordPress is blogging nirvana with CMS capabilities. Both communities are incredible.
I spent a good few months in Dev weighing up Drupal, Joomla and Wordpress… Ended up with Wordpress as it was so easy to use, easily extendable to add my own functionality and look and feel but most of all I was impressed by the support out there. I know Joomla and Drupal also have a good support base but like you, one of the key aspects was how easy the Admin screen was and has continued to be – I just hope Wordpress don’t ever think to fix something that isn’t broken in future releases!
Interesting observations Allen, thanks for sharing them. I’ve been using WP for almost a year and really loving it. So do my clients. I still would like to give Drupal a try though. Just takes so much time and effort to get to know a new platform.
I wasn’t able to tell from the article if the spam exploit was perpetrated on your Drupal system or on your Wordpress system. I understand you’ve got to handle security violations in a sensitive manner, but I hope that you’ll write about the nature of the breach in detail at some point. Thanks.
Congrats on the change! It looks really good!
As an avid fan of your work, let me welcome you to the world of Wordpress. I look forward to seeing how you use it to forward the site’s intiatives. I have been using WP from the start on my site, and have no regrets whatsoever.
Congrats allen! I so happy, even happier I wont have to enter a captcha after this comment too :)
Sean – you will always get the captcha and the entry word will be the pet name for your former employer
Agree with a lot of what is said here. I’ve often thought about making the switch from Drupal to Wordpress, but one thing keeps me on Drupal – Security. What I love about Drupal is that they have a very active security team that proactively e-mails you with about newly discovered security exploits in the core and contributed modules. Wordpress doesn’t have anything like that. WIsh they did.
Like previous comment, I would like clarification on which system was exploited. I’m assuming Wordpress. I adore the strides WP has made in the user experience realm, it’s amazing and I use it for a lot of small biz brochure-type sites. Drupal, is amazing as well for it’s power, it’s a CMS on the edge of being a framework and Wordpress is a blogging tool on the edge of being a CMS. So you pick the right tool for the right job.
I do find it ironic that you made the conversion and immediately suffered security problems, tho! Both communities (WP & Drupal) have something to learn here. I wish Drupal and Wordpress would have a love child!
[...] article discusses CenterNetworks going from Drupal to Wordpress and this one discusses Danny [...]
Dave says:
April 22, 2009 at 12:14 pm
To Allen Stern – RE: Drupal to Wordpress: The Good, The Bad and the Exploited
I have had wordpress installed, but have been hacked routinely since January where malicious file links are added to our urls, many of which are porn and torrent file links. Wordpress is a part of my main content website and was being used for a Q & A post. I have disconnected most of the links to this area with the exception of the sitemap page. If I cannot discover how to fix this I will be forced to pull wordpress completely and use an in-house system that I have developed to avoid any vulnerabilities. My guess is that this is happening to a lot of people who have wordpress, they just do not know it because they do not have the google webmaster tools installed on the back end.
Although wordpress and all the other free cms systems are great, I believe that they are sitting ducks for malicious hackers who could easily exploit their weak spots by using automated robots, it’s really not difficult when they understand what to do, and they (the hackers) obviously do.
Before I totally pull down my wordpress and say goodbye to any free cms for ever, I would like to know if you could share more about what you discovered with the Include file and if you really feel that the fix is solved and will never happen again, otherwise I’m forced to shut it down.
Thanks
We’re doing a project which is bringing WordPress a bit closer to a proper CMS. It addresses many of the things you’ve raised here, including broken internal links (our WP Sticky Links), site wide navigation and (not mentioned here) a multilingual system based on Drupal’s i18n module.
I’d love to hear what you think about it!
BTW – regarding loading speed, caching is your friend. It doesn’t matter which CMS you use, if you’re using a good caching plugin / module, the site’s pages don’t go through PHP any more. They are served directly from the hard drive. Still pressed with server load? Apache’s mem-cache module will make this even faster.
Sure Amir – happy to help! I haven’t enabled caching yet – want to make sure everything is in good shape first.
I’ve used both, and think they’re both great platforms. I would agree with you about WordPress being a full-fledged CMS. Something that might help (or might have helped) http://wphacks.com/how-to-move-wordpress-blog-new-domain-name/ It’s a great article on migrating to WordPress. Also has a link in there: http://www.velvetblues.com/web-development-blog/wordpress-plugin-update-urls/ for auto-changing the URLs. Might have helped. Might not, but thought I’d pass around. It was very helpful to me. Cheers!
we began with drupal. It’s great, we loved but.. wordpress is so so so so easy , especially for end user. the dashboard is great and is easy create new plugins and change the themes. we missed features like panels, but with a little of hack we can do it.
[...] CenterNetworks Switches to Wordpress [...]
[...] Our commentary on the good, bad and the exploited in our move from Drupal to Wordpress. centernetwork257:http://www.htmlcenter.com/blog/wordpress-security-change-your-theme-name/ [...]
One of the things I absolutely loathe about Wordpress and won’t use it because of it, is their excessive use of wp- on files, in code, etc. Why must they attach wp- on everything, are they so insecure ? It’s ridiculous, you can always remove them, but there’s too many and if you move the wrong one, things will break. You would also need to remove then in each plugin you use, a real PITA.
Until Wordpress acts like a real CMS, I will not consider them one. For now, they are a limited Blogging platform nothing more. Drupal rules the CMS realm.
[...] The Good, The Bad and The Exploited – My Move from Drupal to Wordpress centernetwork257:http://www.centernetworks.com/wordpress-exploited-284-release RSS [...]