Hi I have developed a wordpress site for a client of mine. Normally I provide hosting on my own dedicated server through a hosting supplier and have had issues in the past with hacking which has usually resulted through hacking into hosting control panel or FTP. This site in question however, the client has required the site to be hosted on their own server. Their server being their own physical server in their office rather than leased through a recognised hosting company.
I'm trying to work out whether the hacking is a result of vulnerabilities in my work having broken in to the wordpress control panel or as a result of hacking directly into the server / FTP. Their doesn't seem to be any server logs available for me to check.
I wondered if anyone may have had experience of their wordpress site being hacked and whether it was through the wordpress installation itself or through the server or FTP?
I am currently looking through the site to see if there are any vulnerabilities in my work, however I use very little plugins and they are well researched and fully trusted. During the creation of the site I have also taken steps to secure the site such as changing the $table_prefix in wp-config.php.
What do you reckon? Was the site hacked or the server hacked?
Your thoughts would be much appreciated.