I finally managed to stop using WordPress for my blog.
WordPress suffers (suffered?) from a stream of security holes, which require constant software upgrades. In the end, since I didn't have time to deal with all these issues, I ended up removing write permissions from the WordPress MySQL user account. This way, even if the code was broken into, at least nobody could add hidden spam posts. Every time I wanted to actually post something, I temporarily gave write permissions back, just long enough to post...
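The read-only database account described above can be expressed as MySQL grants. This is an added example, not taken from the original post; the database name `wordpress`, the account `'wp'@'localhost'` and the exact privilege list are assumptions.

```sql
-- Added example. Assumed names: database `wordpress`, account 'wp'@'localhost'.
-- Run these as an administrative MySQL account, never as the WordPress account.

-- Normal state: strip everything, then allow reads only.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'wp'@'localhost';
GRANT SELECT ON wordpress.* TO 'wp'@'localhost';

-- Check: the output should list USAGE and SELECT only.
SHOW GRANTS FOR 'wp'@'localhost';

-- Just before publishing a post: allow row changes, but still no
-- schema changes (no CREATE, ALTER, DROP) and no FILE privilege.
GRANT INSERT, UPDATE, DELETE ON wordpress.* TO 'wp'@'localhost';

-- Right after publishing: return to read-only and confirm it.
-- Connections that are already open may keep the old database-level
-- privileges until they reconnect or re-select the database.
REVOKE INSERT, UPDATE, DELETE ON wordpress.* FROM 'wp'@'localhost';
SHOW GRANTS FOR 'wp'@'localhost';
```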
I need a setup that just keeps working, even if I'm too busy for web site maintenance and even if I can't look after my blog for some months or even a year. WordPress is definitely not that solution, at least not if you run your own installation.
The last time I read some WordPress source code and tried to hack it, I found its quality quite low: It suffered from duplicated magic numbers and similar beginner's mistakes. Every little change I tried to make required altering the code in multiple places. Being written in a language with plenty of known issues does not help. Overall, it's software that I no longer want running on my server. I don't trust it enough.
Also, WordPress is much too complex for me because it does much more than what is really needed for a low-volume, one-person blog: A sign-up form? Mailing replacement passwords? An XML-RPC interface? I don't need any of these, but they are enabled by default and each is a potential security hole.
So what do I use instead?
A very simple setup: The web server has only static files. No CGI, no PHP. I keep the blog posts in a plain text file and edit it with Emacs. I can search-and-replace in old posts without having to fiddle with SQL. The file format is org-mode compatible, so later on I might add org-mode tags to blog posts. (The format is similar to blorg's, but I'm not using that.)
Managing comments (which is the only dynamic feature of my blog) is done by Disqus. The new setup stopped displaying any comments from before I started using Disqus. Perhaps I'll still be able to import these old comments, using this method.
Everything, including the source of my blog posts, is kept in a git repository, so if you're curious about the Perl scripts or the templates, go ahead and take a look.
This was a fun Christmas hacking project and I'm glad I don't have to deal with WordPress anymore. Maybe the new setup will even motivate me to crank up my posting frequency to more than once a year....