That’s very sad that you are experiencing this problem.
You can do the following things to solve the problem :
- Check every folder for a list of known backdoors such as C99.php, C100.php, Weevely.php. (You can do that by grep). And delete anything suspicious.
- Download WPSCAN and run it against your website to see if any known vulnerabilities are present in your website.
- If you are using any nulled plugins or themes. Delete them as soon as possibl.
- Keep your plugins and themes up to date even if you are not using them.
- Always keep a regular backup so that you can restore your website.
I hope my tips help you. And remember, about the known file structure of your website, Security is always better than obscurity.
It doesn’t matter if you have a known file structure until everything you are using is safe.
Cheers!