Can we avoid ExressionEngine from hacking?

Yes, we can restrict hacking on EE based websites. It has following features to avoid hacking :-

160 Bit SHA1 Password Encryption: - SHA1 is the worlds most secure password hashing scheme.

Throttling: - This feature lets you manage the frequency that any given IP address can access your site in order to help prevent denial of service attacks.

IP and User Agent Logging: - Our Session Management system tracks both IPs and User Agents for more precise authentication.

Password Lockout: - Users can be locked out after several invalid password attempts. This is a deterrent to collision and brute force hacking attempts.