Is there any way an attacker can access the server and modify the site (php) code?

I recently had a breach on my site (laravel), i got aware of it after i tried to pull the code from github and found out that some files were modified.

files modified were mostly storage – logs/cache and index.php had error_reporting(E_ALL) in it;

and i am not sure what happened and like to know if there’s a way an attacker can access the server through the site and also what precautions i can take to mitigate these kind of scenarios.