Nothing do to with ISPConfig. It depends on your PHP setup.
You probably have mod_php where PHP scripts run under the Apache user.
You need PHP-CGI for example, where scripts run under their actual owner.
Your solution does however include a possible security issue.
If there's a vulnerability in Wordpress somewhere (and we often use older WP-versions for updating and testing), all your files might be endangered...
I do agree with you that, in the first place, the software itself must be secure, whatever the server settings are.
But the general opinion is that mod_php is the least secure because you have to chmod your files/folders to 777.
With ISPConfig I would recommend PHP-FPM ("yum install php-fpm" if you're on CentOS) in dynamic mode, like this: http://i.imgur.com/eUTg9NE.png This will give you a good performance and also more security than mod_php and furthermore resolve your permission issues.
█ JavaPipe LLC: Global Tomcat Hosting & DDoS Mitigation Solutions
█ In business since 2001 | Contact us: salesrequest[at]javapipe.com
█ Remote Protection | Dedicated Servers | Virtual Servers | Unmetered VPS | Tomcat Hosting