I'm curious why you think it's awful? I used the one-click Wordpress install on DO and put up a custom-coded theme. The site gets around .5m visits a month and I've never run into any problems.
WP was not designed for modern deployment for a number or reasons. Wordpress is definitely not a 12 factor app. And there is nothing that can be really fixed by plugins. to fix this, one has to break WP core apis. WP is "a deploy once with ftp/sftp" cms.
I think a lot of developers--myself included, for a long time--don't really appreciate why this is the reason WordPress is as popular as it is. The vast majority of the criticisms people make of WP are valid, but good luck finding something else as easy for a non-developer to not just install and configure, but to actually maintain in a relatively secure fashion. (I also don't think developers appreciate how good modern WordPress is as this -- not to say that it's perfect, by any stretch, but once it's set up correctly the damn thing is self-updating. As long as you stick to popular, actively-developed plugins and put effort into keeping them updated -- which is frankly a pretty low bar, since it's about three clicks on the dashboard -- WordPress isn't likely to be a serious security concern.
I don't see how WordPress's general audience would be in the least concerned about its failure to be a "twelve-factor app," do you?
