WordPress is the most popular blogging platform, and as one who’s tried virtually all of them you’ve heard of and a bunch you haven’t, I’ll also argue it’s the best.
From a security point of view, it has issues. That goes with being popular. But there are resources that can help, as well as general principles to keep in mind.
Install only plugins that you really need. The core platform itself has a decent security track record, and certainly gets updated rather quickly when issues come to light. But some plugins are better maintained than others. So don’t install every plugin in the world just because it looks kind of cool. Find the functionality you need, install plugins that get you that functionality, and install no more.
Keep your plugins and themes up to date. When you see updates available, don’t hesitate to install them. Staying up to date is the best way to stay secure. There’s a myth that updates break stuff, but I see stuff break without updating all the time. If the plugin were trouble-free, they wouldn’t update it.
Yes, your theme matters too. There can be security vulnerabilities in WordPress themes. But the simpler the theme, the less likely it is to have issues. And if you’re not using a theme, uninstall it. It’s less stuff to maintain.
Stay aware. Finally, stay aware of what’s going on. There’s a database of WordPress vulnerabilities. Use it. If you’re installing a plugin, make sure the current version doesn’t have known vulnerabilities in it already.
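
The checks above can be scripted. The following is an added example, not code from the original post: it reads a plugin inventory in the shape that WP-CLI's `wp plugin list --format=json` produces and flags inactive plugins, pending updates, and versions older than an advisory's fixed-in version. The plugin names, the advisory records, and their `slug`/`fixed_in`/`title` format are constructed for illustration; the post does not name a specific database or feed format.

```python
import json
import re
from itertools import zip_longest

# Constructed sample; the field names follow `wp plugin list --format=json` (WP-CLI).
INSTALLED_JSON = """[
 {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.3.1"},
 {"name": "gallery-y",      "status": "inactive", "update": "none",      "version": "1.0"},
 {"name": "seo-z",          "status": "active",   "update": "none",      "version": "4.10.0"}
]"""

# Constructed advisories in a hypothetical format: plugin slug plus first fixed version.
ADVISORIES = [
    {"slug": "contact-form-x", "fixed_in": "2.3.2", "title": "constructed advisory A"},
    {"slug": "seo-z",          "fixed_in": "4.9.5", "title": "constructed advisory B"},
    {"slug": "gallery-y",      "fixed_in": "1.0.1", "title": "constructed advisory C"},
]

def version_key(version):
    """Numeric components only, so 4.10.0 sorts after 4.9.5 (string compare would not)."""
    return [int(n) for n in re.findall(r"\d+", version)]

def older_than(installed, fixed):
    """True if installed < fixed; missing components count as 0 (1.0 == 1.0.0)."""
    for a, b in zip_longest(version_key(installed), version_key(fixed), fillvalue=0):
        if a != b:
            return a < b
    return False

def audit(installed, advisories):
    """Return (name, version, reasons) for every plugin that needs attention."""
    findings = []
    for plugin in installed:
        reasons = []
        if plugin["status"] == "inactive":
            reasons.append("inactive: uninstall if not needed")
        if plugin["update"] == "available":
            reasons.append("update available")
        for adv in advisories:
            if adv["slug"] == plugin["name"] and older_than(plugin["version"], adv["fixed_in"]):
                reasons.append(f"known issue fixed in {adv['fixed_in']}: {adv['title']}")
        if reasons:
            findings.append((plugin["name"], plugin["version"], reasons))
    return findings

if __name__ == "__main__":
    for name, version, reasons in audit(json.loads(INSTALLED_JSON), ADVISORIES):
        print(f"{name} {version}")
        for reason in reasons:
            print("  -", reason)
```

Note that an inactive plugin can still be flagged for a known issue: deactivating it does not remove its files from the server, which is why the advice is to uninstall what you are not using.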

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.
