There's currently an active attack making the rounds where the MODX installer, if still in-place on a site, is exploited to take over a website.
When you've installed MODX, always make sure the setup is removed immediately when you're done. Both the MODX dashboard itself and SiteDash warn you when the setup is still present, but those appear to be ignored often enough for potentially hundreds of sites to have been taken over this way in the past few days.
Once an attacker takes over your site, they can use MODX to add additional backdoors and exploits on your site or server, for example through the file manager.