Bug ID 1118065
Summary WordPress 4.9.8 packages have a vulnerability in ownership of files
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Major
Priority P5 - None
Component Apache
Assignee bnc-team-apache@forge.provo.novell.com
Reporter david@kronlid.net
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

My web server got hacked a couple of days ago:
Running WordPress 4.9.8 from the "server repo" on openSUSE 42.3 with Apache 2.4 and
PHP 7.2.

These specific files were installed on my system from this location:
http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_Leap_42.3/noarch/
wordpress-4.9.8-1.1.noarch.rpm
wordpress-apache-4.9.8-1.1.noarch.rpm
wordpress-plugins-4.9.8-1.1.noarch.rpm
wordpress-themes-4.9.8-1.1.noarch.rpm
wordpress-themes-collections-4.9.8-1.1.noarch.rpm

The hack modified:
wp-config.php to point to another external database, loading the content of the
web page from that database instead
akismet.php had a piece of code added
a file called wp-upd.php was uploaded containing the same code that was added
to akismet.php

I have installed no other plugins from the internet.

I'm wondering if there is something the people doing the WordPress packaging
on the openSUSE side could do to prevent this type of attack from being done?

The protection of wp-config is inefficient, as /etc/wordpress/wp-config is owned
by wwwrun, and this hack used this ownership to be able to overwrite the file
with its own database settings (and while accessing the file it could also
read my old settings).

My manual prevention for this attack is to make wp-config readable by wwwrun
but only writable by root. Maybe almost all WordPress files should be read-only
for wwwrun, as WordPress is a very common target for hackers?

I haven't read through all the logs yet, so at the time of writing I don't know
whether the vulnerability used to modify the files was in Apache, WordPress or PHP.
But anyhow it can be solved the same way, by protecting the files from being
overwritten by an attacker by changing the files' ownership and rights, if the
attack was done through Apache or WordPress, which use wwwrun.


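The check the reporter did by hand, written out as an added example (this script is not part of the bug report or of the openSUSE WordPress packages). It audits a WordPress tree for files that the web server account could modify through the permission bits, and shows the ownership change the reporter applied. Assumptions: GNU coreutils `stat`, the web server account is `wwwrun` in group `www` as on openSUSE, and the config lives at /etc/wordpress/wp-config.php; the files the demo inspects are created in a temporary directory, not read from a real install.

```sh
#!/bin/sh
# Added example, not code from the bug report. Audits which files under a
# WordPress tree the web server user could write, by inspecting owner,
# group and mode bits (GNU stat assumed), and shows the chown/chmod fix.

# Return 0 if user "$1" is listed as a member of group "$2" by id(1).
in_group() {
  id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# writable_by FILE USER: return 0 if USER could write FILE according to the
# permission bits (owner-write as owner, group-write as a member, or
# world-write), 1 if not, 2 if the file cannot be stat'ed.
writable_by() {
  wb_file=$1
  wb_user=$2
  wb_info=$(stat -c '%U %G %a' "$wb_file" 2>/dev/null) || return 2
  set -- $wb_info
  wb_owner=$1; wb_group=$2; wb_mode=$3
  wb_mode=${wb_mode#"${wb_mode%???}"}   # keep the last three octal digits
  wb_u=${wb_mode%??}                    # owner digit
  wb_rest=${wb_mode#?}; wb_g=${wb_rest%?}   # group digit
  wb_o=${wb_mode#??}                    # other digit
  [ "$(( wb_o & 2 ))" -ne 0 ] && return 0
  [ "$wb_owner" = "$wb_user" ] && [ "$(( wb_u & 2 ))" -ne 0 ] && return 0
  [ "$(( wb_g & 2 ))" -ne 0 ] && in_group "$wb_user" "$wb_group" && return 0
  return 1
}

# audit_tree DIR USER: print every regular file under DIR that USER could write.
# On a hardened install this list should be empty (or only wp-content/uploads).
audit_tree() {
  at_dir=$1
  at_user=$2
  find "$at_dir" -type f | while IFS= read -r f; do
    if writable_by "$f" "$at_user"; then
      printf '%s\n' "$f"
    fi
  done
}

# What the reporter did by hand: readable by the web server (group www,
# assumed), writable only by root. Needs root, so it is defined but not run here.
harden_wp_config() {
  cfg=${1:-/etc/wordpress/wp-config.php}   # assumed path
  chown root:www "$cfg" && chmod 0640 "$cfg"
}

# Demo on a constructed tree: one file left writable by the current user,
# one made read-only, so the audit reports exactly the first.
demo() {
  d=$(mktemp -d)
  printf '<?php // constructed sample\n' > "$d/wp-config.php"
  printf '<?php // constructed sample\n' > "$d/akismet.php"
  chmod 0644 "$d/wp-config.php"
  chmod 0444 "$d/akismet.php"
  echo "files writable by $(id -un):"
  audit_tree "$d" "$(id -un)"
  rm -rf "$d"
}

demo
```

Run it as the web server user (or pass `wwwrun` as the second argument while root) against /srv/www/htdocs and /etc/wordpress to see which files an attacker executing as wwwrun could overwrite; anything outside wp-content/uploads in that list is a candidate for `chown root:www` plus mode 0640 (files) or 0750 (directories).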