In early February WordPress 4.7.2 was released after 100,000+ pages across their platform were defaced. Website administrators running self-hosted versions of the platform were advised to update their systems as a "matter of urgency."
We think WordPress is great for a personal blog or maybe a small business that's not overly concerned about their image and just wants something out of the box, cheap and easy. But for law firms, finance firms, and other professional service firms that are judged on perceptions of trust, stability, and security, the risk is simply too great.
If someone suggests you use WordPress as your website CMS, please (PLEASE) consider if you're okay with the very distinct possibility of your site being hacked or defaced. If the answer is no, then your course is clear: find an alternative, [shameless plug] like our "never been hacked in over 15 years" website platform, Eskort.