I posted a question (item 2) in another thread. esmi responded that I needed to follow the advice in another thread about the hack and then closed the comments, so I can't clarify there. :/
As I said in the second thread, I am following the advice she gave there. But the question in the thread linked above is a different question and I'm hoping for a response, so I can try to UNDERSTAND the problem as presented to me. I am working through those posts, but I want to understand and verify what I've been told and, hopefully, prevent this problem from happening again.
I'll try to be more clear about my questions.
(1) Are wp-pass.php and wp-register.php files that only appear in older versions of WordPress? (I am using the current version on this multisite.)
(2) How would these files be "injected" into my root folder?
(3) What kind of security breach, if any, would these two folders introduce?
(4) Would setting permissions on these two files to 0 (or 000) remove the breach? (I was hacked again after I changed the settings.)
(5) I was told that removing the problematic files won't solve the problem because "the perpetrators will just turn around and replace them getting past the current version of WordPress." If a perpetrator can create files in my root folder, then how will changing permissions on those two files STOP them from creating files in my root folder.
Hope that clarifies what I'm trying to understand. Please rest assured, I am following the advice. I'm just trying to understand the issues.