There are many ways for a hacker to gain access to your website, but there are a few very common methods that can be prevented very easily. Hopefully, if you are resilient and always stay one step ahead of them, you will never have the unpleasant experience of having your website hacked by one of these unruly characters.
The first, most common way to have your website hacked is by activating a virus on your own computer that you use to access your website through the Account Manager or through FTP. This can happen through a multitude of methods, but most commonly it is done through clicking a link in an email that launches a virus, or by visiting an infected website and clicking a link there that executes a virus on your computer.
Once a virus is on your computer, you are usually sending all of your sensitive login information to a hacker through a Keylogger. The hacker then uses that login information to access your hosting account or ftp account to deface your website. The easiest way to defend from this type of attack is to always run a trusted anti-virus software on any computer you use to access your account.
A good anti-virus software will alert you before you even click a virus, and if you do happen to download or launch a virus, it will be intercepted and removed promptly. You can also run regularly scheduled anti-virus scans of your full computer to make sure your computer is always clean and free from malicious software.
If you think you may have been hacked, step one is to run an anti-virus scan on any computer you may have used to log into your account so that you can remove those pesky Keyloggers before you start changing your login information. You never want to change your login information until AFTER you have cleaned your computer of any malicious software, otherwise you are just sending your new password to the hacker when you change it.
The second most common method of having your website hacked is through outdated scripts installed on your website. Most free, open-source scripts are updated regularly to fix security breeches. If you do not keep your installed versions up to date, you become an easy target for hackers. Many scripts have a built in update mechanism that you can use to check for updates, and then do an automatic upgrade once a new release is found.
If you do not keep your scripts up to date, hackers may find your website and discover that you are using an old script that is accessible through injection. They will inject code into your script that grants them access to all of your websites on your hosting account, and then go to work on all of them. Again, you can prevent this by always keeping your installed scripts up to date using the latest versions of each script from the script developer website.
So remember, in order to keep your website from getting hacked, always run a trusted anti-virus software on any computer you use to log into or manage your website hosting account or FTP account, and always keep your installed scripts up to date with the most recent, secure versions from the script developer website.