
What about not having to patch a security bug every five minutes? I very much doubt the messy codebase has no impact on WP's poor security track record.


WordPress doesn't have a poor security track record.

WordPress users have a poor security track record.


Sorry, but the facts speak for themselves. WordPress itself (excluding plugins) has had more than 10 CVEs this year alone. That's more than one per month!

As an ex-user myself, who built the site and only installed a couple of plugins, I moved my organization to another platform because I was sick and tired of having to babysit what should be a solved problem by now.


I am curious what is this great platform that you've moved to which is apparently bug free?

If it's something like Squarespace then what's really happening is you're paying someone else to babysit it for you.


"apparently bug free" - not at all! By solved problem, I mean like we've solved bridges; they fall occasionally, but I don't feel the need to call my loved ones before each crossing.

My preferred solution would probably be Movable Type, but since my org can't afford it and we don't need fancy formatting, it's Nikola + Coil CMS. Easily editable by non-techies and yet there's no code to attack on the site - it's all statically served by Nginx.


We've decided that remote code execution bugs should be a solved problem class now? Fascinating. I'm sure the sendmail dev team will be delighted by this news.


Considering that the last RCE bug in Sendmail seems to have been a decade ago, I'm really struggling to understand your point. If anything, it seems to reinforce mine.


Or I've simply dated myself. :/


I hear you, and yet WordPress usage numbers speak a lot louder than our grumbling about messy codebases.



