> That's it's main redeeming feature. It's horrible for technical people to deal with but it's main feature is that non technical people are able to use it without requiring assistance from technical people.
Which also makes it kind of a Black Swan risk: it's fine for the majority of times. Preferable, because it leaves you to do other work. But when sh*t hits fans, it hits it bad. If you cannot afford your tech-staff to spend two hours a week supporting the website, you certainly cannot afford them to spend days cleaning out some backdoor, infected servers, acquiring untainted IPs, getting off spam-lists and so on. Or afford the ransom if hit by a crypt-locker.
> All I do is makes sure it stays up to date, is configured properly, and make sure backups happen.
And that is more than most do. But, unfortunately not enough. Given the amount, frequency and severety of holes and exploits in the larger WP ecosystem. All you might be doing, is backup that ransomware, spamscript or backdoor for months. Encrypted, offsite and incremental, probably.
Which also makes it kind of a Black Swan risk: it's fine for the majority of times. Preferable, because it leaves you to do other work. But when sh*t hits fans, it hits it bad. If you cannot afford your tech-staff to spend two hours a week supporting the website, you certainly cannot afford them to spend days cleaning out some backdoor, infected servers, acquiring untainted IPs, getting off spam-lists and so on. Or afford the ransom if hit by a crypt-locker.
> All I do is makes sure it stays up to date, is configured properly, and make sure backups happen.
And that is more than most do. But, unfortunately not enough. Given the amount, frequency and severety of holes and exploits in the larger WP ecosystem. All you might be doing, is backup that ransomware, spamscript or backdoor for months. Encrypted, offsite and incremental, probably.