If you configured that correctly, I think it is very unlikely that someone broke that. If someone manages to break in, he probably stole your key. Changing the default port only reduces the number of entries in your logfiles.
You can check the logfiles for hints but consider that if the attacker had full access, it would be easy to temper these data. Bash-history, content of /tmp-folder can give indications. Keep an image of your sd-card, then you can investigate anytime.
I consider SSH to be pretty secure, it’s more likely your webserver or even a different service that was running on your server.
That is a good question. I suppose that you don’t have very important data (such as Hillary’s owncloud 
), so the hack was probably a quite obvious installation/configuration-problem (“low-hanging fruit”). A good and secure configuration should be your main focus. Use tools to verify the settings (check for running services with portscanner). You can follow guides for normal LAMP servers.