These do not exist, it's fantastic )) WordPress can be adjusted in competent hands for security and with seo everything is relative to the norms...

How strange is this PHP world of yours. Self-written frameworks are safer than the leading open source projects developed over the years, on which there are millions of sites. I don’t even know if this is more of a compliment to the brave and courageous developers of their own frameworks who have to repeat the difficult path traveled before them by thousands of their own security fighters, or is it a compliment to the infinitely gullible customers who boldly rely on the security of industry leaders solutions based on the fact that thousands of other firms with serious names use the same solutions.

Bare html and css. Hack impossible

Try MODX.
It is not as popular as WP and Joomla.

The main rules of secure systems:
1. All important data only on the server in encrypted form
2. All requests only via https
3. Checking passwords for strength, two-factor authentication, fast session decay
4. And yes, usually such systems are always self-written, since third-party decisions cannot be trusted

Self-written ... For the one who wrote it knows how it works. And popular CMS hack, a matter of brains and time)

there is one, recently discovered for myself - non-commercial DotPlant2 , on the Yii2 framework, you can add anything if there is not enough functionality, it is already sharpened for SEO by developers, there is SEO generator functionality, edits are made easily, the admin panel is simple, but the only negative in my opinion is hosting demanding.

As for vulnerability, no one will give an exact 100% answer. Yes, and a 100% secure system is a system on one computer without network access, closed in a bunker)))
Personally, I would advise using the Laravel framework. Fast, convenient, practical. Recently, it has been developing quite quickly and is gaining popularity in Russia.
From CMS I advise October. October CMS is a system written on the Laravel framework.

Ok, if you take some kind of framework and write on it, will it remove at least a little the likelihood of hacking ease?

Safe - only in words and paper, in our world there is nothing safe, everyone can break.
And if the case, then take the most popular cms, if you want cms and that's it, just take all possible measures to increase the complexity of hacking.