Successful prevention of hacker attack
I had to attack the website myself in order to reveal any vulnerabilities. Using SQL Injection it was possible to retrieve useful information that could potentially provide root access.
All weak passwords were changed. Some passwords consisted of commonly used words and numbers and were vulnerable to a dictionary attack.
The password storage method has changed, since passwords were previously stored as MD5 hashes. New, more secure hashing methods were implemented.
Finally, the permissions of some directories have changed to restrict access from unprivileged users.