Most common hacking problems:
- Weak Passwords
- Outdated WP version
- Being on a shared hosting
- Incorrect File Permissions
- Untested or Buggy Plugin-ins
- MySQL Injections
- FTP hacking
And the list goes on and on as hackers always find loopholes to dig in. The funny thing is that these hackers do it for the fun of the game not to really do any harm but its embarrassing to a business when a customer goes to the homepage to find a hackers message.
So what to do if your WordPress is hacked ?
First, this to do is change all of your passwords including server and FTP not only your WordPress. Second, take your site down and put a simple html “under maintaince” page so people dont see the hacked message. Third, go to your backups(assuming you have backups) and restore everything back to normal starting with WP files as well as database files. If this fails then you have to ask for professional programmer or WordPress expert to fix the issue.
Installing WordPress is one thing but keeping it safe its a whole different animal and appropriate security patches need to be added for future prevention. Hope this helps and if you need any help with WordPress let us know!