90,000 hackers are trying to get into your WordPress installation right now. That's a ridiculous statistic but also points to the popularity of the world's most popular content management system. While we're fairly agnostic about content management systems, we have a deep, deep respect for WordPress and support most of our clients' installations on it.
I don't necessarily agree with the founder of WordPress who largely deflects the attention on security issues with the CMS. While folks can change their administrative login from admin, the biggest benefit of WordPress has always been the 1-click install. If you want them to change the login, that's more than 1 click!
Additionally, I don't like the fact that the login screen is a hard-coded path that cannot be modified. I do believe it would be quite simple for WordPress to allow a custom path.
That said, any agency who builds and supports WordPress sites holds the majority of the responsibility in their hands. We host all of our clients on Flywheel since they do such an amazing job of monitoring for security and ensuring stronger passwords. As well, Flywheel requires you to utilize a different login than admin when you create an WordPress instance with them.
We have other clients that have had severe issues with WordPress… bugs, performance issues, and difficult administration. All of these aren't WordPress issues, though. They're WordPress developer issues. One of our clients is a sales proposal platform – and they have some very customized content throughout their site. Designed by another agency, the administration of their pages are quite simple using some advanced custom fields:
Using Advanced Custom Fields, Gravity Forms and some good theme development, DK New Media was able to build an entire job staffing site for a client. It works flawlessly and their staff said that the administration is a dream.
Your WordPress site and your WordPress security are only as good as the infrastructure it's built on and as good as the development of the theme and plugins you've included. Don't blame WordPress… find a new developer and a new place to host it!