I’m not a fan of WordPress, which feels like this:

Think twice

WordPress is a slow as molasses, security target with downright ugly frontend code. However, a massive percentage of the web runs on WordPress. For a straightforward blog, it’s pretty decent and streamlined.

Use Statamic

Endless plugins don’t make a good CMS. Statamic does content definition right. 99/100 times it’s the better choice.

Security

Recover from a WordPress hack:

• Change FTP password
• Backup and download a copy of the entire filesystem (for analysis)
• Delete unknown users from WP admin
• Lock down non-critical users (change role to subscriber)
• Change password for all users
• Change database password
• Delete entire filesystem
• Reinstall fresh WordPress
• Reinstall plugins (after vetting)
• Reinstall theme files
• Reinstall uploaded files
• Replace the WordPress keys in wp-config.php
• Replace database password in wp-config.php