Question is too generic, like if supermarket was robed how to secure it.
How did they get in(through unsecure coding of web application, lazy admin didn't change default database credentials etc)? Did they stole something(database, confidential data)

the damage has been done...all you need to do is secure your website more, there's a tons of ways do it..what I recommend is use google analytics(its free) on your site to view its activity and monitor all IPs visiting your website. change all credentials and learn how to encrypt and how to block sql injection .

jcarbillon, Google Analytics isn't a useful security tool. The data is anonymised, so you can't easily identify individual users. And it depends on javascript, and tracking code being installed. So, detecting suspicious behavior is not generally possible.

missc, You may be interested in the Open Web Application Project (OWASP) . This is a useful resource. It details various security risks and how to mitigate them.

To become proficient at securing sites can take time and effort. There's a lot of knowledge you'll need to acquire. The best place to start is OWASP's top ten , which highlights the most common and dangerous threats, the ones you should focus on first.