Wordpress has way to many security problems, especially if you use plugins, as that I would want to administer it myself. Especially since wordpress is so popular and you can assume that vulnerabilities are actively exploited very quickly.
A static site generator, something hosted or even a more modern, less popular platform takes away a lot of that pressure.
Automattic, the company behind WordPress, has a good security team and an active bug bounty program. They respond to reported vulnerabilities, especially serious ones, extremely swiftly. Furthermore, a good hosting service will eliminate almost all the security issues Automattic doesn't catch.
If you get a good host (e.g. WPEngine) you can automate backups and security updates, and the host will constantly monitor your account for suspicious activity and known-vulnerable plugins. It will even notify you if you install an unsafe plugin and automatically uninstall it.
I run my own information security blog on WordPress. I have comments disabled, I'm careful about what plugins I install (because let's be honest, there aren't many you really need) and WPEngine constantly scans my entire installation for suspicious activity or evidence of an intrusion. Aside from a 0day, there isn't much an attacker can do to compromise me.
Looking past alleged security issues, WordPress is a very established, robust and mature CMS for people who want stability and customization for their blog platform. I highly recommend it.
So you don'd administer it yourself, but use a managed service. Which is exactly what I suggested as an alternative, because it means that you have someone monitoring it and taking care of it and don't have to take care of quickly installing updates and stuff.
A static site generator, something hosted or even a more modern, less popular platform takes away a lot of that pressure.