The technology behind a modern website is impressive. The days one could use a bit of HTML and a bit of Flash have long gone. Sadly this newish complexity has made some websites rather more vulnerable to hackers.
I have written about this on more than one previous occasion and this is because of what I see happening. I get approached by website owners to fix their websites after they have been hacked. In truth, unless I have a back up to revert to it is almost impossible to 'fix' properly. One can probably undo the hack but this doesn't fix the websites initial vulnerability.
Recently I was asked about a website that had been hacked and in the process had acquired 13,000 links for Ugg boots. This isn't obvious from looking at the website, but the hack is there. Even if you can't see it, Google can. This website has plummeted on Google with the resulting impact on the business involved. The website was built using a custom made CMS (Content Management System). It was basic but functioned well and I wouldn't knock anothers' work. The probelm arose because the original developer wasn't able to provide the ongoing support with security patches and updates a CMS needs. Rather like your anti virus on your PC. It quickly becomes useless unless you keep it up to date. A CMS is the same, it has to be kept up to date.
We generally use Joomla as our CMS. This has the advantage of a massive user base and, more importantly, a large team of developers. This means that vulnerabilities are soon spotted and fixed. Then all the likes of us have to do is apply the fix to the websites under our care.