Posts you never authorized or wrote on your Facebook?
Have you ever noticed a post that are not yours?
If you see on your Facebook or Twitter account posts that you didn’t write, then most probably someone or, most probably, something got access to your account.
The post you see in the photo below is called “like-jacking”, like in “hijacking”, but for Facebook likes: you want to access some content (like a short film or a pole) and on the way to see that content the page makes you “like” something before showing the content.
In the like-jacking case, you authorized the posting, so your account was not hacked. What you can do is to look in the authorized applications and see if there are any you don’t like to have. Most probably, you will see a website appearing there. Simply erased it and you’re good.
If this is not the case, you should change your password immediately and still check the applications allowed to work with your account. It could be that the hacker registered an application, which will continue to work even after you regain access to your account.
Also, enabling two-factor authentication is also a good idea because it would block anyone to log in on your behalf. However, this would not prevent a malicious Facebook App to post on your wall.