Also: “The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, […]” — as opposed to not putting the vulnerabilities in⁰ in the first place!
----
[0] Though I've not worked with WP for a long time. I'm told the quality control of the core product has improved a lot over the years and people still running old versions, and/or with unverified extensions, is a large part of the current level of issues.
> [...] and/or with unverified extensions, is a large part of the current level of issues
I'm occasionally forced to work with Wordpress, so I'm not an expert or anything, but that's my impression as well. Wordpress was designed for publishing articles but people want to use it as a foundation for building highly dynamic websites.
The paradox of these highly dynamic WP websites is that people usually try to build that way because they don't have the development expertise to make a custom solution, so they need lots of plugins to achieve what they want, but those plugins are often built to such poor quality and security standards that they really need to be reviewed before use, but to review them you need developer expertise.
Also: “The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, […]” — as opposed to not putting the vulnerabilities in⁰ in the first place!
----
[0] Though I've not worked with WP for a long time. I'm told the quality control of the core product has improved a lot over the years and people still running old versions, and/or with unverified extensions, is a large part of the current level of issues.