Drupal is the premier open source content management system, used for government websites such as whitehouse.gov, and by organizations like Fast Company, Sony Music, and a number of Ivy League schools. Hexatrope has chosen it for its robust extensibility, flexibility with design, data & functionality, and its security.

Robust Extensibility

Drupal is a popular and actively developed platform that has been engineered to focus on extensibility, and has thousands of existing modules available that provide all variety of pre-baked functionality. Firstly from an engineering perspective, Drupal has been architected to not just be a content management system, with a primary focus on specific uses, but it has been built to act as a generalized framework – providing a core set of functionality that tries not to make too many assumptions about how you will use it. Drupal also expects that you may want to hook into its internal systems in order to change how it works, so it provides a system of granular connection points at which you can inject additional functionality or replace existing functionality with your own. Because Drupal is open source, and is in use by so many projects – from personal sites, to mission-critical government sites, it constantly receives back contributed code that is shared so that the whole community can freely use it.

Flexibility With Design, Data, and Functionality

Because Drupal has taken a generalized approach in its tools, sites are built up out of standard, simple elements that are fitted together into sophisticated systems like working with Lego blocks. In practical terms, this means that instead of dropping in silos of pre-made functionality that don’t necessarily talk to each other, different portions of the site are generally built out of the same pieces, so getting them to share data, and combining their output is much easier.

Another nice Drupal feature is the technical approach it uses called “intercept and override.” What this means, is that instead of going in and hacking around in the core Drupal code to change things (whether in function or appearance), Drupal is specifically engineered to separate your customizations and branch off at key junctures in its functioning to leave the standard approach and detour through your site’s modified behavior instead. This is how theming (customizing appearance) and functional development (customizing behavior) are done. The advantage is that updates are much simpler, since your modifications are not intermixed with the core code, so when patches are applied, they drop in without touching your custom code. It also means that you have a lot of ways you can re-work how you want to approach your user experience, and you have a wide open field of options. Design wise, there is little worry about having a look & feel that is dictated by your CMS.


Drupal is mature software, and because it is an extremely popular open source project, its code has been used and reviewed by countless programmers who have contributed to its security. Additionally, Drupal has made it a core value that it will constantly update its core architecture between major version releases in order to improve functionality, performance, and security. This is in contrast to other CMSs that may stay rooted in older paradigms in order to make module development simpler when jumping versions. Drupal makes more work for module developers at version upgrade time on purpose in order to maintain its commitment to staying the best it can be.

Additionally, the Drupal project has a dedicated security team that analyzes systems, reviews code, and releases security patches in order to constantly stay on top of emerging issues. And the fact that the Drupal user base contains such high profile, failure-is-not-an-option sites (see the beginning of this article), means that scrutiny and handling of security issues is high priority.