Crucially, if your site was hacked, then someone probably had access to run some commands on your server. That means there might be more hacked than just the WordPress install. I would recommend a full reinstall to be on the safe side, otherwise you’re not guaranteed to be safe.
As an alternative, you should definitely scan for rootkits. Using Linux? Try chkrootkit and rkhunter.
Sounds very odd. Can you enable some sort of logging, or verify that the details are correct? Could it be that your site is on multiple load-balanced backends, and one of them wasn’t updated successfully?