
1. File permissions: directories 740, files 640; writeable directories like cache images 770. Chown root:www-data.
This way the www-data user can only read files.
2. Use OSSEC to report on any file modifications in the html folder. Many hosts' APIs allow sending a shutdown command. Perhaps create an active OSSEC rule to do it? How?
3. Firewall: close all incoming and outgoing traffic apart from incoming 80 and 443, and the rest as per need. Redirect all traffic to SSL.
4. Set auto-update for security rules + enable reboot with time frame now.
5. Use ModSecurity or similar to null SQL injections.
6. Ask the module supplier how he security-audits his code.
7. Store full logs remotely, ideally incrementally copied on every change.
8. Secure the nginx and PHP config. Disable risky PHP functions.
9. Back up site files and DB daily.
In case all security has failed: identify which module caused the issue. Apply a patch or a virtual patch with ModSecurity. Reinstall the OS and OpenCart, then verify via diff all module files versus the original ones; if there are only your changes, upload them from backup. Restore the database. Yes, some of the latest customers may have a lost order or two. Simply process them manually and add them to the DB later.
Perhaps someone can post a howto on identifying a borked piece of code.
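
The "verify via diff all module files versus the original ones" step above, as an added example that is not part of the original post: it hashes a pristine copy of the module or OpenCart files and the restored web root, then lists every file that was added, modified or is missing. The two directory arguments are assumptions supplied by the caller, and GNU find, sort, xargs and sha256sum are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: compare a restored web root against a pristine copy.
# Assumes file names contain no newlines or backslashes.

# Print "<sha256>  <relative path>" for every regular file under $1.
hash_tree() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# compare_trees PRISTINE_DIR LIVE_DIR
# Prints one sorted line per difference:
#   ADDED <path>     present only in LIVE_DIR (candidate dropped file)
#   MISSING <path>   present only in PRISTINE_DIR
#   MODIFIED <path>  present in both, contents differ
compare_trees() {
    local pristine=$1 live=$2 a b
    a=$(mktemp) && b=$(mktemp) || return 2
    hash_tree "$pristine" > "$a"
    hash_tree "$live" > "$b"
    awk '
        # sha256sum output: 64 hex chars, two separator chars, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { want[path] = hash; next }
        !(path in want)     { print "ADDED " path; next }
        {
            if (want[path] != hash) print "MODIFIED " path
            seen[path] = 1
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' "$a" "$b" | LC_ALL=C sort
    rm -f "$a" "$b"
}

# Stand-alone use: script.sh /path/to/pristine /path/to/webroot
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

Every MODIFIED line should correspond to a change you made yourself, and every ADDED line to a file you put there; anything else is a candidate for closer inspection before it goes back onto the reinstalled server.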