CMS

Is it easy to hack a site?

There was a problem:
At the moment I own the site. It contains advertisements.
For one content, when adding ads at work - these ads are displayed only at his work.
Moreover, he does not see new ads after a certain date, and his ads are taken in the 'id' of those ads that have added other content (id is used in the last segment in the address bar). I looked in the database - there are no ads there. I looked into the logs, at the time at which he said that he was visiting - there is a current record of one Post request to the site, although he uploaded 40 ads, and he sent me screenshots of the entire site and specifically these ads. (in theory, he couldn’t do it all himself, he doesn’t really know how to use Photoshop or Chrome Devtools, especially since recommended ads are randomly indicated on the pages, he also needs to know by what algorithm they are issued - the recommended ones were also correctly indicated all 40. There was no point in forging all the ads, it’s not worth the trouble).
It turns out that in order for everything to be displayed as well, someone must have a copy of my database, and the source code of the site, in order to present the content to the manager, the appearance of the site when entering from his computer? Or I do not understand something.
Thanks in advance for your replies.