I have decided to leave Wordpress and switch to using Ghost Blog. I have been considering the move for some time, but had been holding out for Ghost blog to get more fleshed out. I have long known that Wordpress isn't very secure, but recent events have prompted me to move a little faster than I had planned.
Why does Wordpress suck at security so much? It's not that the devs are terrible, it's just that it's written in PHP. Why is PHP so terrible? I think that Jeff Atwood summed it up perfectly in his post The PHP Singularity. In more visual terms, PHP is this:
Until the transition is complete, this blog will be put in read-only mode. This means that you can still read the blog, but will be unable to comment, subscribe, etc. Once the transition is complete in the next 24-48 hours, it should switch over automatically for you without any downtime (if I do everything properly).