Due to the prevalence of the LAMP stack being used to run millions of websites, inherent with this is the known attack vectors in PHP and against a server running Apache. Even with a website sitting behind a service like CloudFlare there are still many attack vectors against WordPress itself like brute forcing XMLRPC.php or straight up trying to hack wp-admin.php.
Security concerns aside, the editor in WordPress went from "simple and working" to the complete abomination called Gutenberg. Clients of mine used to the clean inline editor or even savvy enough to use the HTML editor had to now contend with a slow, bulky and unintuitive interface for building posts and pages.
Being a developer, using Markdown was something I'd been doing for years and being able to write posts and pages using this syntax was a no-brainer in the switch to GhostCMS.
Even with Ghost, I've opted for the hosted option, rather than running my own site on my own host simply because I do this work for a living so I'm happy to let the brilliant engineers at Ghost handle operations for me!
I can go on-and-on here about the differences but the folks at Ghost have already done their homework - check it out if you're running a WordPress site and are looking for a potential alternative. I'm loving GhostCMS.
Ghost vs WordPress: