Why are sites hacked?
Sites are usually hacked for fun because as a rule your sites do not contain any valuable information which a hacker could use for mercenary ends.

Whose fault it is?
This is only YOUR fault because you do not fulfill the elementary security requirements.

How to protect a site form hacking?

* Do not log in to your Control Panel from somebody else’s computer, from an internet café, institute, school etc.
* If you still entered Control Panel from somebody else’s computer never save your password in a browser and always click "Logout" button before you close a browser.
* Don’t give your passwords to anyone.
* Use different passwords for everything (e-mail, Control Panel, user-administrator etc.).
* Don’t use easy passwords (123456, 123qwe, qwerty, password, mypass etc.). Your passwords must look like this: jDk9eu8kd (i.е. a random set of characters).
* Do not allow ordinary users to add news, blog entries and so on everywhere where they are allowed to use HTML. Remember that it is only YOU who need this site. If you have friends who want to help you with your site, move them to another group (e.g. "Checked") and allow this group to add information to the site.
* Do not assign people who you don’t know well as administrators and moderators.