Boss insists on using WordPress for every project cause it powers 25% of the web.

Googling "Wordpress hack 2016" brings up an article on Ars Technica reporting that "disproportionately large number of websites" running on Wordpress are delivering crypto locker ransomware.

Popularity shouldn't automatically be considered a deciding factor in our field.

Well, every cms is vulnerable. Wordpress is just very popular and that makes it a target.
Wordpress is well supported, many plugins and themes.

If it powers 25% of Internet then you should use it one in every 4 projects

@Linux Unfortunately the quality and security of the plugins themselves are a pretty big issue. There are just a lot more solutions out there and Wordpress benefits from name recognition with those that shouldn't make technical decisions.

What's a good alternative to Wordpress though?

maybe https://craftcms.com ?

@noonesboy
the only security plugin that works is ithemes security. The rest is up to the server itself

To them who chooses a special cms, please learn it. And dont blame the sysadmins if the site is hacked.
/ sysadmin

@jamesc892 I've brought up using that a few times in conjunction with Jekyll and get shot down every time for no real reason.

keep the lights on during night coz it powers 100% of world?

@xroad I've had a lot of fun with ProcessWire. It's a CMF/CMS that you build using an API styled after jQuery.

@jamesc892 Definitely will check those. I haven't seen any downsides to performance or complexity with PW but the sites I've built are relatively small. Would still recommend.

Nevertheless- the alternatives to WP are endless...