I took a look at the source code for
http://www.seletarairport.com/
It contains various plug ins used for SEO, slideshows etc. This sort of site is a prime target for hackers because it contains many well known vulnerabilities.
For example it uses the yoast wordpress SEO plug in and inserts the code < ! -- This site is optimized with the Yoast WordPress SEO plugin v1.4.19 -
http://yoast.com/wordpress/seo/ -->
The site developer should never leaves these sorts of lines of code in the page as it makes it very easy for hackers to zoom in on vulnerable sites with know security holes. They should be removed once the plug in is installed.
It also uses the jquery slideshow script which has known vulnerabilities.
http://seclists.org/fulldisclosure/2012/Oct/117
They have restored the site but they have not done anything to remove the risks. This proves that you can pay top dollar and still end up with monkeys on the job.
It is very time consuming to keep track of all these security issues and requires a full time security trained IT expert to do the job. I get around this by keeping the number of plug ins to the minimum and consulting my IT expert whenever I want to add features to vbulletin.