
I think the root of bad reputation was due to various plugins and their usage pattern:

lots of non-tech users heard that they can use plugins X Y Z for fun and profit, so they started to use them, but no one told them that managing dependencies requires some skill or at least discipline; that the fact some 3rd-party pluggable software exists doesn't automatically mean it's good, viable, maintainable and safe; and that things in IT don't work by means of cargo cult, copy-pasting without understanding and crossing fingers. So, there was a fallacy: these people believed (and many believe to this day) that they can remain non-tech users while maintaining their WordPress-with-plugins installation, but it's impossible; one needs to become tech-aware in the process.

I am not sure what the WP community did to dissolve this fallacy; maybe they did something, maybe they didn't.



We've expanded our HackerOne and other security apparatus to cover the top 100 plugins directly, and we do our best to work with every plugin in the directory, including many contributions from web hosts, who of course want their sites to be secure. The update system has become very robust, and all the top hosts also protect their sites at the network layer, so many CVEs are blocked even if the code hasn't been updated yet.



