In wordpress in the root folder of the left folder. Where is the hole?

You receive a folder with a random name, for example
9243102902f8f092a06bf66e373a36fe16dfd0b6
files
remote_query_server.php
.state
.htaccess
.filelist
.fileHalfCheck

Removed, but the next day it appears again.
After necoro time code is added in the original .htaccess to run remote_query_server.php outside settings.

Tried to scan Dolittle folder with WordPress - without result.
Passwords for FTP and WordPress changed.
Where is the hole?
March 23rd 20 at 19:22
1 answer
March 23rd 20 at 19:24
Solution
Had a similar problem, try the options listed in this thread

Find more questions by tags WordPressInformation securityviruses