The answer is yes, but lets clear some things below.
First of all in order to be hacked the hacker has to find vulnerabilities which takes some time, which rarely would spend if you are not a target. Everything can be hacked.
Usually the hackers are searching for php vulnerabilities in the code your site is running, either is some popular CMS you downloaded or your custom php code by you or the company created your site. Some php penetration examples are SQL injection, using $_POST and $_GET commands to their favor.
Most sites are hosted in shared computers which doesn’t nesseccerily means I’m not careful they can your site through mine, but happens from time to time depending how secure and independent your account is, shared computer doesn’t always mean linked configs. They did in the past, now most companies they don’t allow global configs, each account has its own safety configuration & settings.
A backdoor can be anything, an email you misplaced in your server or something entirely different, for example a plugin your installed on your wordpress or joomla or drupal or else!
The favorite attack is DDOS (Denial of service attack) which sends more packets to your IP than your connection can download as a result slowing your site temporarily or shuts it down at completely to the web. Of course is accessible through some advanced panels or local connections. There are certain ways to protect your from DDOS such as software, firewalls or in some cases like banks, organizations like NASA, agencies etc hardware. Note this: Nothing can protect you from 100.000.000 zombie computers attacking your network, even CIA has been DDOSed and went off for a day.
Thats for today!