What are the weakness in a site that it can be hacked to the administrator account?

- Keep yourself up-to-date to the latest hacking threats. This website may help : http://thehackernews.com/?m=1 - Enforce user names and passwords that can not be guessed. Change the default database prefix from “wp6_” to something random and harder to guess. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. - Keep everything updated. Delaying an update exposes you to attack in the interim period. Hackers can scan thousands of websites an hour looking for vulnerabilities that will allow them to break in. - A firewall is a must. ..It's hard to post every single thing here =\ http://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853

In addition to Dayve's answer, you shouldn't be storing your "important assets and records" on your web server. Consider keeping them offline and off of the same network if possible. Assume your server is already compromised, and everyone has full access to what you have stored there. There are always going to be new exploits, and keeping up-to-date won't save you from zero-day vulnerabilities. Protecting your server is a must, but don't rely completely on the protections you've set up. Make regular backups, don't store plaintext passwords, etc. That way if/when you do you get hacked, the impact is minimal.

The most important thing when trying to make a site secure: Don't write any security/crypto code yourself. The average programmer isn't a security expert and no matter how good you think you are, you will get it wrong, every time. Use libraries and software made by others that have been well tested.

shouldn't he also obfuscate it?