With WordPress (or any CMS) keep in mind that if you don’t really need visitor-facing dynamic features (like comments), then you can self-host the admin and content editing completely privately, and only export a static “dump” of the finished website pages as plain HTML/CSS/JS and images.

You can serve these static files fairly efficiently yourself with a small HTTP server, or upload to a CDN service which will take care of things like redundancy, availability, replicated content for faster access from certain geographic areas, you won’t care about denial of service or bots etc.

Meanwhile your CMS software is completely isolated from break-ins or drive-by bot attacks. As a perk, you can experiment with different CMS freely without fundamentally changing your approach, because they all produce static files one way or another. You can try for example Hugo, or a fediverse-enabled microblogging app like Pleroma, Misskey or even Mastodon.