Hacker News: mrkris's comments

I'd love to replace my company Skype with a client/service that has an API, that I can script bots for, and has great support for both mobile and desktop.


:(


I don't consider getting access to a website via the most insecure blogging platform on the internet "hacking".


Not sure why you say that. WordPress.com offers 2-Factor Auth:

http://en.support.wordpress.com/security/two-step-authentica...

There are also tons of available security plugins & pretty extensive documentation on hardening a self-hosted install:

http://wordpress.org/plugins/tags/security

http://codex.wordpress.org/Hardening_WordPress


Hardening Wordpress. That made me speechless…………

But hey, what do I know? ¯\_(ツ)_/¯ Only the tip of the iceberg. Some men believe.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wordpress


Not much, because those are plugins and not WordPress; there are over 27k of them on .org and probably another 5-10k hosted on other sites.


How much of what's on that list actually applies to a recent version of Wordpress?


>> to a recent version of Wordpress

Saying recent here isn't logical, because after patching the incident, it's not an incident anymore. But I guess you mean how secure you are with a recent version of Wordpress. I think this is a tough question, because Wordpress relies to a high degree on external components and plugins. There is probably no single pure Wordpress blog, because the original Wordpress archive already relies heavily on external dependencies. That's where many of the issues were found, as correctly pointed out by wyck. However, with this reliance on external code, without a Wordpress team or at least software that is evaluating the code quality or any other metric, you can't be secure. Yeah, we can argue with: "But Wordpress is n-times more popular than X." However, it still makes WP very vulnerable to attacks. I've cleaned and recovered some hacked commercial WP blogs and shops myself (not installed by me, but by the previous dev). So whatever you believe WP may be, just get over it. There are so many other open-source alternatives that are waiting for you to try them out.


Show me an alternative that I can sell to a non-technically minded client with a small business who just wants to blog and put up a YouTube feed and do e-commerce and maybe SEO. And oh, they can't ever even know what a terminal is, much less git.


Try http://getkirby.com or http://concrete5.org or http://silverstripe.org; there are many, many other CMS or blogging platforms too. For just blogging as the main thing, you're perfectly set with https://ghost.org/

Without exaggerating, I've downloaded almost every CMS on GitHub and Bitbucket and SourceForge and I'm almost done with testing all of them. I think about 15 remain. With all honesty, I cannot say that I'm impressed with any CMS so far. There is just one thing that stood out, with its concept, but it's still only alpha-grade quality, and that's: http://parsimony.mobi/

If you're curious what I ended up with, just ping me and I'll share my results, after I've really compared all the CMS with each other. Currently I would say that there are about ~10 good-quality CMS, with hundreds of miserably coded ones. That is a good benchmark for how good developers are in the real world; I mean, there is only so much space at the top of the iceberg. Not everybody can excel with every project they start (well, except people like Fabrice Bellard).

I've not compared Typo3, Alfresco and other enterprise CMS, because even when they come with all features loaded, they suck at code complexity and user friendliness.

You can't tell me that Wordpress is the only blogging platform that fits all of your requirements, because there are thousands of CMS out there and you'd spend weeks testing all of them.


I'm not actually a Wordpress fanboy by any means (though it does pay the bills) - for my own personal use I'm setting my site up in Slim Framework. Professionally, though, I've found that if someone wants to blog or do "e-commerce", talking them out of Wordpress (and into something they're still willing to pay for) is a difficult thing to do.


Why should the client know git or anything else if you are the one who has to set up the blog for him/her? Or are you working only with clients who know HTML, CSS, FTP etc., so they could do the work themselves but are just being lazy and paying you instead?


I think they don't want to be intimidated by complexity and don't want to have to pay someone more to deal with it for them in the future. Typically they want to be able to administrate the site themselves, and they can do that through web forms easily enough.


What you describe can easily be solved with Google Fusion Tables and a tiny script in your favorite server-side language.


You're right - I think the problem is mostly one of marketing the alternatives.


Still, a lot of what's on that page and a lot of the common features of plugins like Wordfence (which I use) should be part of the core, I think.

Though also in my opinion even having a web-based file editor is pretty terrible...


Having 2-Factor auth is meaningless if you can bypass the auth itself.


[citation needed]

WordPress isn't that insecure. A lot of third-party (i.e. written by inexperienced developers) plugins for it are, though.


I doubt the purported "insecurity" of Wordpress has anything to do with this. Given that they simultaneously defaced a multitude of social media outlets for Skype, it seems fairly likely that they phished or compromised someone who managed social media accounts.


I don't recall banks freezing your assets for 6+ months to make sure your business is legit.


I do, since it happened to me 9 years ago when I was as naive about the industry as you. First National Bank of Omaha, the largest privately held bank with $17bn in assets, if you're curious. The several thousand dollars of customer payments they had not yet disbursed was held for exactly 180 days before they released it to me.

Do you not recall because you haven't read your own agreement, or because you haven't actually opened a merchant account with a bank before? You don't have to take my word. Type ["merchant account agreement" 180] into Google to see some 40,000 examples of bank contracts with that same hold period written into them.


I've worked in a bank, and we did freeze accounts on money laundering suspicions - it's not even a choice, the law requires doing so in certain conditions.

And the OP's case description is quite unclear, but the details sound like it might not be "assets frozen while checking if the business is legit", but actually a threat of "charges filed against the owner for circumventing anti-money laundering laws and assets confiscated".

