It takes some skill to root a properly configured web server. Most "hacks" i've seen are public exploits and the attacker only manages to attain the same privs as apache.
A larger issue here is the web server, not just your website. It would help if you owned your own server, or paid for a dedicated box that you control, instead of using a shared server. That way you can turn off processes and services that you don't need, you can install more strict security measures, and in general, you'll be able to respond quicker to an emerging threat. Some examples include mod_security for Apache, reviewing access logs on a daily basis, keeping software patches updated, and actively researching the latest vulnerability threats to increase your security posture.
Visit some white/grayhat hacker board and let them check your site. Some individual pentester (not a certificated company - too expensive) is a good choice as well.