WordPress is the most popular blogging platform, and as one who’s tried virtually all of them you’ve heard of and a bunch you haven’t, I’ll also argue it’s the best.
From a security point of view, it has issues. That goes with being popular. But there are resources that can help, as well as general principles to keep in mind.
Install only plugins that you really need. The core platform itself has a decent security track record, and certainly gets updated rather quickly when issues come to light. But some plugins are better maintained than others. So don’t install every plugin in the world just because it looks kind of cool. Find the functionality you need, install plugins that get you that functionality, and install no more.
Keep your plugins and themes up to date. When you see updates available, don’t hesitate to install them. Staying up to date is the best way to stay secure. There’s a myth that updates break stuff, but I see stuff break without updating all the time. If the plugin were trouble-free, they wouldn’t update it.
Yes, your theme matters too. There can be security vulnerabilities in WordPress themes. But the simpler the theme, the less likely it is to have issues. And if you’re not using a theme, uninstall it. It’s less stuff to maintain.
Stay aware. Finally, stay aware of what’s going on. There’s a database of WordPress vulnerabilities. Use it. If you’re installing a plugin, make sure the current version doesn’t have known vulnerabilities in it already.
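The checks above can be scripted. The following is an added example, not part of the original post: it assumes the inventory was exported with WP-CLI (`wp plugin list` and `wp theme list`, each with `--fields=name,status,update,version --format=csv`). The sample rows, plugin and theme names, and advisory records are constructed, and the advisory record format is hypothetical.

```python
import csv
import io
import re

# Constructed sample of WP-CLI CSV output (assumed export, see lead-in).
PLUGINS_CSV = """name,status,update,version
contact-form-example,active,available,1.9.2
gallery-example,inactive,none,2.0
seo-example,active,none,3.10.0
"""
THEMES_CSV = """name,status,update,version
simple-theme,active,none,1.4
old-theme,inactive,available,0.8
"""
# Constructed advisory records; "slug"/"fixed_in" is a hypothetical format,
# standing in for whatever your vulnerability database exports.
ADVISORIES = [
    {"slug": "contact-form-example", "fixed_in": "1.10.0"},
    {"slug": "seo-example", "fixed_in": "3.9.1"},
]

def vtuple(version, width=4):
    """Numeric version key: '1.10' sorts after '1.9', and '2.0' == '2.0.0'."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def audit(plugins_csv, themes_csv, advisories):
    """Return (kind, name, reason) findings for the three checks in the post."""
    plugins = list(csv.DictReader(io.StringIO(plugins_csv)))
    themes = list(csv.DictReader(io.StringIO(themes_csv)))
    findings = []
    for kind, rows in (("plugin", plugins), ("theme", themes)):
        for row in rows:
            if row["update"] == "available":
                findings.append((kind, row["name"], "update available"))
            if row["status"] == "inactive":
                findings.append((kind, row["name"], "inactive: remove if not needed"))
    installed = {row["name"]: row["version"] for row in plugins + themes}
    for adv in advisories:
        have = installed.get(adv["slug"])
        # Flag only versions older than the release that fixed the issue.
        if have and vtuple(have) < vtuple(adv["fixed_in"]):
            reason = f"{have} is older than fixed version {adv['fixed_in']}"
            findings.append(("advisory", adv["slug"], reason))
    return findings

if __name__ == "__main__":
    for kind, name, reason in audit(PLUGINS_CSV, THEMES_CSV, ADVISORIES):
        print(f"[{kind}] {name}: {reason}")
```

Versions are compared numerically rather than as strings, so 3.10.0 is correctly treated as newer than 3.9.1.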