You find out your website using wordpress or Joomla hacked. Sometimes you don't see any new file uploaded to hosting account but website shows hacked content.
Most likely malicious code has been inserted in website template. There are 2 main steps to improve security of your wordpress / joomla install.
1. Make sure you always update to latest version available. Check all plugins used and ensure there is no known security bug related to the plugins.
2. Change CHMOD of database config file to Owner read only.
Wordpress config file is wp-config.php. Joomla config file is configuration.php