Hacked Twice, even after cleaning!?

I have searched the forum, so I know this question has not been asked. About a month ago, I got an email from Google blacklisting my site due to malware. It took about a week, but my hosting service cleaned it out and I followed all the steps required by Google.
Well, it happened again. They are not registering as Admin- they are registering as users, bogus emails of course. This time, I was deleting posts, and they had actually locked the post, so they were hacking right then and there. I was able to block that action. They had about 25 users registered, all the posts are/were just jibber jabber. Could not tell if it was an actual language, but it was not code. I think they were some how using my site to have people sign in to a casino, and trap financial information? IDK! Anyhow, I need to know how to completely wipe my site. I read they probably built a back door into my blog.
I have been using an online backup for WordPress, but it was after the first incident. I have no idea how to find out if my files are clean. I did scan with wordfence, it says my site is clear- but an hour later they had posted 6 more users. I appreciate any help here. I am just really bummed out, and pretty upset over this. I have paid themes, I paid a programmer, now I dont trust too many people.
Thanks again.
I have deleted everything, so listing my URL isnt going to show anything unless they try again later, which they probably will.