I'm considering how I should handle authentication / account management for a PC multiplayer game I'm developing.
The use case:
I want the players to have accounts, enabling them to play the game as well as log on to the webpage and post on the forums.

In case of Steam users I also need the account to be linked, both to verify game ownership and to make life easier for the players.

Wordpress seems to be an easy way to handle this, forums that integrate with WP (BBPress etc.) are available, but I'm not entirely sure if it's the most secure way.
It can also be integrated with the game servers and clients using Rest etc.
I very much doubt that I will be able to create anything that is fundamentally more secure than WP, but on the other hand WP is also a very popular target, and vulnerabilities in WP and plugins are found once in a while.

Any pros or cons I haven't thought of?

WordPress is a pain in many ways. It has had some of the most outrageous security problems in the industry. It is written in one of the slowest languages available (PHP is slower than Python, only Ruby is slower than PHP!) It hits the database really hard for everything, making it even slower. Its extension model is a combination between way too low level (CSS that must match up to their chosen tag format, etc) and too high level (functions with magical names do magical things in magical contexts.)

Sure, you can build a system on top of WordPress. And you can install a forum. And you can write some kind of authorization plugin that works for your game (or maybe there even exists some plugin you can use for this -- WordPress does have a lot of plugins!) Some measurements also say that 60% of all websites use WordPress! That's generally speaking the worst 60%, mind you, and includes tons of SEO spam, because it's so easy to create fake websites on WordPress hosts, but it's still an impressive number. It is totally possible to do, and it's unlikely to be the limiting factor for adoption of your game -- your game itself is quite likely to be the main challenge, all things considering.

But if there's any other option, I would look at those for comparison. How about a Facebook page as your user forum, and using "sign in with Facebook" and some kind of oauth2 solution? (That will be hard if your game doesn't embed a browser, of course.) How about one of the general back-end solutions, like Google Firebase, or AWS Amplify, or whatever? If you were on mobile, Google Play Services would be obvious, but for PC, it's not a convenient solution. How about Steamworks?

If you're not looking for a hosted solution, just ready-made software, tons of other options exist, including Django (Python,) Drupal (PHP) and Discourse (Ruby.) Or start with a forum you like that you can install, and build an alternative web service that the game can use to verify username/password.

Thanks for the comments. I'm not sure hosted solutions like Firebase etc. will suffice since I need customization options and database access for the account system (or at least total data ownership). Also Facebook etc. is not really an option because I need the authentication module to also serve as the authentication backend for the PC game. The latter is actually the most important requriement - I can live without dedicated forums but I can't live without authentication for an online PC game
I looked into Drupal and it does look interesting, seeing that forum is a core module. Both WP and Drupal support custom authentication too it appears.