I recently had two of my sites hacked one of them was using WordPress and this happened about six months ago, so I was thinking that it was because I was using WP with a poor user name and password, two days ago the other one was also hacked and on this one Iím not using WP, I also had a poor Cpanel password (5 letter password). So after this I will start using strong passwords but I was wondering if this is really where the hacker got into my site.

I would like to understand more about web security because right now all I know is that a strong password needs to be used and thatís it.

1 - What are the different ways a hacker can get into my server?

2 - What are the steps on securing your server, or is this something the host company takes care off?

3 - What are the general steps setting up a new site for the first time to make sure it will be secured (I know nothing is 100% secured)?

4 - Where can I get more information on web security? Is there a good book that you guys recommend?

Thanks a lot!