When it comes to the security of your ClassicPress website there are two important things to understand.
The first is that the security industry has been lying about the security of WordPress for at least a decade and security journalists have helped to spread those lies. The security industry makes false claims of security issues related to WordPress and often then they claim to offer the solution (possibly because it is easier to protect against security issues that don’t really exist). Unfortunately and inexplicably the WordPress team has help to promote companies like Wordfence that have been involved in that. In reality, the core WordPress software has been quite secure, so ClassicPress starts with a good base, though they can fix the lesser security issues that WordPress has allowed to remain unfixed in the core software
That brings us the second thing to understand, which is that security industry doesn’t actually do a good job when it comes to very real security issues in WordPress plugins. Something which security journalists and the WordPress team fail to warn people about (the head of the core WordPress security team works for a company that owns one of those security companies). To cover that up the security industry even goes to the length of lying and claiming they provided protection when their customers were actually getting hacked.
This is where our service comes in since we actually provide a service that will help you to avoid security issues with plugins when using ClassicPress. We do this by alerting to you vulnerabilities in plugins as they are discovered (many of them ones that we have caught as they are being introduced in to plugins), working with developers to make sure those are fixed, and allowing you to help to select plugins to be more thoroughly reviewed for security issues by us.