Good on you. WordPress is a fantastic piece of software and I think a lot of the nose wrinkling and hemming a hawing about security comes from people installing suspect plugins.
If you stick with the core product and set a very high bar for which plugins you install, Wordpress is rock solid
Security is indeed something you need to take into consideration. Not only installing plugins, but also pulling in updates regularly (that might contain new exploits).
But you have to ask yourself the question what is most important:
1. A full featured system that is popular (because it's full featured), but might have higher risk on security.
1. A limited system that is less popular (because of the limited features), but has a high regard on security.
Anyway, I don't store personal information and have regular backups. So when the worst hits the fan, I would still be able to recover from that.
You have to ask the question how important security is relative to all the other things. Once I would have ingame currency for example, I will need to beef up my focus on security. But for now, I accept the trade-off.
> hemming a hawing about security comes from people installing suspect plugins
But plug-ins are the reason for using WP and this is often touted. Then people get criticised for using plugins? Indeed the post you’re quoting mentions lots of plugins!
I’ve only very lightly used WP over the years but /every/ plug-in seems suspect
If you stick with the core product and set a very high bar for which plugins you install, Wordpress is rock solid