In wordpress in the root folder of the left folder. Where is the hole?

You receive a folder with a random name, for example

Removed, but the next day it appears again.
After necoro time code is added in the original .htaccess to run remote_query_server.php outside settings.

Tried to scan Dolittle folder with WordPress - without result.
Passwords for FTP and WordPress changed.
Where is the hole?
March 23rd 20 at 19:22
1 answer
March 23rd 20 at 19:24
Had a similar problem, try the options listed in this thread

Find more questions by tags WordPressInformation securityviruses