More wordpress security for login management page
#10
(05-17-2020, 07:46 AM)Hidden Refuge Wrote: Just a fair warning about WordPress and plugins. Even some of the biggest plugins and most active plugins have issues that for weeks or even months have sometimes left thousands of blogs or even more than just thousands open for attacks. Basically running a WordPress blog with plugins is more of a security risk than running a straight up Vanilla blog.

There is a great site: https://wpvulndb.com/
No warning needed, @Hidden Refuge. I've also said so in my response. Using WordPress is a risk, and as far as possible I try to make it a calculated risk using tools that are at our disposal at the WordPress site. Experience and learning are two very valuable tools. Since WordPress is such a widely used script with possibly millions of users there are more than your average exploits going on, but there are also powerful tools that are being developed by expert users and developers to mitigate against those exploits. Not all of your users are necessarily inexperienced or lacking in IT sophistication - and some WordPress experts are making a living out of being genuine experts of WordPress. Key if you are a supporter of WordPress is to study their research or do training that is offered, know what the limitations are of WordPress, and try and avoid them as much as you can. As said before you can mitigate against those but you can never eliminate the risk. Also the more fancy you get with plugins and themes, the higher the risk. I use the minimum of plugins, on a calculated risk vs function choice.

But yes, compared with having a static site WordPress is a big risk - its greatest risk is the appearance of simplicity and ease but it can be misleading. With a static site most of the time you can leave it unattended for extended periods of time. But with WordPress you need to attend to it much, much more often - and if you think you're going to be away for an extended period of time, you will need to turn off/disable all of the interactive plugins and comments. From a shared host point of view WordPress has to be highest on the list of hacked sites when members of a post2host shared hosting forum abandon their hosting accounts for extended periods of time without putting their WordPress script, themes and plugins on automatic updates. The more interactive the WordPress site is, i.e. when you are connected with social interaction through comments, or participation of members, the more regularly you have to attend to the website, possibly daily monitoring is needed. Using a WordPress script is risky for sure. But depending on how you use it you could minimize those risks - not eliminate them, but protect against those. And there are many tools available for that. You just need to do your homework on what is available, follow common sense rules, and be vigilant all of the time.
Thread Closed


