If hacked sites were really that much of an issue, then WP wouldn't be as popular as it is for business sites.
In any case, if you have a mature website, it's going to be complicated to switch from WP to Squarespace and vice versa. But with WP you still have the flexibility to host wherever you want, on whatever you want.
All of this is 100% correct and if its easier / easy enough for you then that works. I wasn't really making the case that it was explicitly better for everyone, but it is awesome for my clients.
For backup, I either end up paying as much as Squarespace (WPEngine) or have to keep an eye on it to make sure its working.
I have no global stats on Wordpress hacks, of the clients I have running it (40???) I think probably 10 have been hacked. Zero have been hacked since moving to WPEngine (which is the first thing we do when we take over management), which is certainly something.
I'm not sure what the exact definition of mature website is, but I'm not sure it is that difficult. Certainly if you have 100s of pages, posts, articles etc. then it could / would take a while to make the move. At that point we're just talking about target market. Most of my clients have stopped posting tons of news / blogs because they were only doing it for SEO and it didn't really work anymore. In my world where sites have 25 pages with semi-limited complexity it just doesn't take long to move anymore.
I do certainly have clients with more complicated needs (member areas, ecommerce, etc.) but most of the time I just recommend they link out to that content and use another service (client portal in their main line of business app, shopify, etc.) rather than building it into their site.
>> If hacked sites were really that much of an issue, then WP wouldn't be as popular as it is for business sites.
Business owners have no idea how often they get hacked. They get hacked because business owners want a DIY approach and start installing plugins willy nilly without sandboxing and testing them, making their sites vulnerable to attack
September 2020:
Millions of WordPress sites are being probed and attacked with recent plugin bug
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.
~1 year ago there was a zero-click (rce I think?) for easy smtp. At the time it was the most popular plugin for smtp setup on Wordpress, I can't imagine how many sites have that plugin installed without updates.
If hacked sites were really that much of an issue, then WP wouldn't be as popular as it is for business sites.
In any case, if you have a mature website, it's going to be complicated to switch from WP to Squarespace and vice versa. But with WP you still have the flexibility to host wherever you want, on whatever you want.