Lately our website has been getting hacked A LOT.
I don't really understand where I'm going wrong.
We use the latest version of WordPress
All file permissions are set to 644 and all folder permissions are set to 755.
We use the following security plugins:
They've all been configured to work correctly.
We've changed the database prefix
We've replaced the default admin username & password
We've run antivirus scans on all of our pc's incase of a keylogger.
And still after all this, we're still receiving base64 strings in our .php files (We did stop receiving Malware, so I guess our security has been upgraded slightly).
Some more solid tips on increasing security would be very much appreciated!