When I used to blog 10+ years ago I had a killer list of WordPress blogs I followed but as time went on I sort of gave up on the whole blogging thing and forgot about most of them. Now that WP is part of the fediverse I’m curious, what are some of your favorites?
IIUC the main problem with security (and how most WP sites get pwned) is the plugin ecosystem. There are thousands of plugins out there, which means that among many secure ones, there are also many (very) insecure ones. If you’re judicious and don’t install low-quality plugins, it shouldn’t be a major problem.
WordPress itself has automatic updates turned on by default, so if a vulnerability is patched in WP core, that will land on your site automatically without any effort on your part.
One plugin that’s I use on my WP sites is the free version of the Wordfence firewall. While not really necessary given the above, it does give me a little peace of mind.
All that said, the main draw for WP is to be able to manage a website without having to touch code. If you’re happy to write your pages by hand, a static site generator is definitely a lot more lightweight than a CMS like WordPress.