← All insights
Security & Trust

Government Doesn't Run WordPress. It Runs Drupal. That's a Different Problem.

We scanned 49 government sites across 6 regions. Drupal dominates — not WordPress. The migration path, the risks, and the politics are completely different.

· 6 min read
Share on X LinkedIn

The Assumption Is Wrong

The popular narrative is that government websites run WordPress. Our scan data says otherwise. Across 49 government sites in 12 countries, Drupal is the dominant framework — not WordPress, not Joomla.

14 of 49 (29%)
Government sites on Drupal
Source: WebPulse regional + ASEAN scans. europa.eu, governo.it, Australian gov, Sorbonne — all Drupal.
9 of 49 (18%)
Government sites on Next.js
Source: WebPulse scan. Singapore gov.sg, data.gov.sg, mof.gov.sg — all Next.js. The outlier that proves the model.
4 of 49 (8%)
Government sites on Joomla
Source: WebPulse ASEAN scan. Philippines government — dbm.gov.ph, dof.gov.ph on Joomla.

Why This Matters

Drupal and WordPress have fundamentally different risk profiles. Drupal has 1,374 CVEs (vs WordPress's 18,005). Drupal's architecture is more modular. Drupal's security team is smaller but more focused. The migration conversation for a government on Drupal is completely different from one on WordPress.

Lumping all legacy CMS together misses the nuance that government IT leaders need to make decisions. A Drupal 10 site and a WordPress 4.x site are not the same risk.

The Singapore Exception

Singapore's GovTech agency made a policy decision to build on modern frameworks. Every Singapore government site we scanned runs Next.js. This isn't a technology decision — it's a governance decision. No other country in our scan shows this pattern. The question isn't 'what framework' — it's 'what policy drives the choice.'

The Real Government Migration Question

For most governments, the question isn't 'should we leave WordPress for Next.js?' It's 'should we upgrade from Drupal 7 (EOL January 2025) to Drupal 10, or rethink entirely?' That's a different conversation with different costs, different risks, and different politics.

Share this insight
Share on X Share on LinkedIn
More insights
Security & Trust

WordPress Powers 43% of the Web. It Scores 45 Out of 100.

May 2026 · 6 min
Read insight
Security & Trust

Year 1, Year 3, Year 5: What Happens to Sites That Don't Migrate

May 2026 · 7 min
Read insight
Security & Trust

Plugin Roulette: 27 Doors, and You Don't Know Which Ones Are Locked

May 2026 · 6 min
Read insight
Stay informed

Get the quarterly WebPulse report

Framework health scores, new insights, industry intelligence. No spam.

WebPulse WebPulse

The world's first data-driven digital infrastructure intelligence platform. Scoring what matters for the AI era.

by adyog.com →
Explore
Insights Industries Regions Rankings 2026 Report
Tools
Check a site Score Your Stack Migration Calculator Compare Frameworks EOL Tracker Compliance Matrix
Topics
The AI-First Web Security & Trust Future-Ready Innovation & Growth Business Efficiency
Data
API Methodology
© 2026 adyog. All rights reserved. Scores computed algorithmically. No vendor pays for placement.