[deanhills]

Many people are complaining that Wordpress is a security nightmare. Specially if you use plugins with it. It also tends to cause high load, not exactly something you’d want.

I wouldn’t personally recommend it. If you want a CMS, use something such as Joomla. But avoid Wordpress if you can.

I find your criticism of WordPress a bit simplistic. Obviously the way you use the WordPress script will determine how secure it will be. I've been using WordPress since 2012 and have done several courses in it too. You can use it both as a static and a dynamic Website. Static in the sense that it has no users, cannot get any feedback - you have the option to untick or tick boxes to make it completely static except for the fact it's still database driven. I've run most of my WordPress sites in this way. Also, there are plugins and plugins. WordPress has a beautiful system where you can check out the plugins before you use them. One should make sure one only uses a plugin that is listed and "vetted" by WordPress - and the list also shows when last the plugin has been updated. One can also easily check feedback of the plugin and support questions. As well as feedback of the styles and possible conflicts with plugins or overuse of resources. All the info is out there - all one has to do is Google it.

Joomla can be a security issue if the script is not up to date, which is easier to happen as it is comparably more difficult to update Joomla from one version to another (particularly when one jumps versions) than WordPress. With WordPress you can put all of your script and plugins on automatic updates. You also have a huge security plugin like WordFence for WordPress, which has an excellent free version as well, that is really good.

The security literature for WordPress is huge. Literature for WordPress is huge. But yes, if you haven't gone the full rounds of learning how to use WordPress properly, then that could be a security issue in its own right. Ditto Joomla. If you're an experienced user of Joomla then you'll probably be more experienced to know how to use Joomla securely vs when you don't know how to use WordPress. WordPress Dashboard for a first time user doesn't work instinctively. You have to figure it out, or maybe do a few courses to fasttrack learning first. Knowledge as we know is always the best security tool. So yes, beginners of WordPress should tread carefully and cautiously. Ditto Joomla first-time users.