4) Don't use a stack of plugins, if you must use any keep them as dumb as possible and stick to those with a longstanding reputation.
A basic instance, set to auto-update, installed on a shared webhost where OS/web server updates are someone else's problem is pretty foolproof. A VPS running a long-term distro set to auto update is almost as good.
---
That said I personally dropped Wordpress for static site generation years ago because I realized I didn't actually need any of the dynamic features and wasn't using the WYSIWYG editor. Now I write Markdown in to a file in a git repo and then trigger a regeneration whenever I update it.
A basic instance, set to auto-update, installed on a shared webhost where OS/web server updates are someone else's problem is pretty foolproof. A VPS running a long-term distro set to auto update is almost as good.
---
That said I personally dropped Wordpress for static site generation years ago because I realized I didn't actually need any of the dynamic features and wasn't using the WYSIWYG editor. Now I write Markdown in to a file in a git repo and then trigger a regeneration whenever I update it.