it's SO easy for anyone to stand up a quality, functional website
And its also really easy for it to be left without updates or security patches, with an insecure admin account password, and with a set of plugins that open up more security problems.
It might be a bit harder to get up and running with a static site generator but the fact that it's essentially unhackable (through the site itself; the host server has the same issues as any website) is a massive advantage.
The fact that other platforms and applications are insecure isn't relevant; we're comparing static sites to WordPress.
However, to answer the point, static sites are significantly more secure than every single dynamic platform that supports a plugin architecture because plugins can be, and often are, written without security in mind.
Unless you really need a dynamic website you should be deploying static assets to the enduser. Practically every business website would be better off being delivered as a static site, even if the admin still use WordPress to edit the content.
I agree that WordPress security is a huge issue, the biggest potential problem is that not when a random website goes down but when someone finds a mass-exploit and then gets access to millions of websites.
> It might be a bit harder to get up and running with a static site generator but the fact that it's essentially unhackable
You could also use WordPress to generate a static site, just add a caching level on top.
And its also really easy for it to be left without updates or security patches, with an insecure admin account password, and with a set of plugins that open up more security problems.
It might be a bit harder to get up and running with a static site generator but the fact that it's essentially unhackable (through the site itself; the host server has the same issues as any website) is a massive advantage.