[coldtea]

>Most people have their first contact with all this when their site is hacked (plugins not updated for years)

Well, Wordpress can know auto-update the plugins...

[reilly3000]

The problem is most Wordpress plugins are abandoned. Most sites default to auto updating plugins, but if the plugin author isn’t pushing security patches it’s a big vulnerability.

Wordpress plugins are notoriously bad at input sanitization. Even many large, commercially supported plugins get abandoned or simply aren’t secure.

[AnonHP]

> Well, Wordpress can know auto-update the plugins...(sic)

And your site (Or some parts of your site) could break at any point in time without your knowledge and remain broken for a long time until you find that it’s broken. There is no platform that doesn’t require “babysitting” with maintenance and testing.

[coldtea]

The key is to use select few plugins, with huge communities, sure to be updated to the latest version...

You still need to check on them, sure.

>and remain broken for a long time until you find that it’s broken

Well, if you don't find out that it's broken fast enough, perhaps you don't need it anyway!

[todotask]

However, we have a site with visual builder that is no longer under annual subscription.