Register now or log in to join your professional community.
Security is hands down the biggest differentiator between WordPress or Drupal. Drupal has enterprise level security and site scale. Numerous government websites are built with Drupal, with the most famous being Whitehouse.gov.
With WordPress, hackers can target a vulnerability inside a plugin and wipe out hundreds of thousands of sites. There’s some street cred behind the damage that can be done to the WordPress ecosystem.
Within the past few years, there have been a rise of platform specific hosting applications that help manage your security risks. For Drupal, our favorites are Acquia and Pantheon. For WordPress, WP Engine was one of the first to offer a managed WordPress platform, and MediaTemple recently launched a WordPress service. Most security vulnerabilities happen at the server level, and hosting with one of these companies will help mitigate against waking up to a mess.
I personally find that Drupal is more secure than Wordpress but this doesn't mean that it doesn't contain vulnerabilities. Another thing is that you can also secure your WordPress site by avoiding use of many plugins and by choosing the most recommended and trusted themes only. There are also many simple tips to ensure the security of your WordPress site. Good luck!