Monit Malware prevention

I recently noticed that my website had been hacked with a plugin that that was forcefully added to my WordPress site called "Monetization Plugin". I am working on cleaning the site at the moment, but am curious as to how to prevent something like this from happening again. I have 2 anti-malware plugins that have been running on the site already previously. There is online articles and forums that I found about the redirection malware and how to clean it, but not as to how the attack is performed in the first place. Any idea as to how this attack occurs so one can know how to prevent it in the future?