WordPress Malware prevention
Hi guys,
I received a second dreaded letter the other day. I'm through the thick of it, and I've cleaned up all the malware, but this is the second time this has happened. I need your best tips to prevent malware incursions on WordPress sites. Our hosting provider is pair.com. I've completed all the remediation steps they requested, but I can't help but think that it's missing something, to have allowed a second breach. The first time they said it was a compromised user account. I could never find evidence of that, but it's really possible it was. The second time they said it was because I didn't change the passwords of the users. I did. I set up a salt rotation also. I changed the DB passwords and deleted all non-essential users.
Thanks for any help you can provide.
-signed exhausted sys admin, who shouldn't be doing website anything...
"Hello,

We are writing to you from the Security Department at Pair Networks regarding your web hosting account 'acmeinc'.

We have again received multiple third party complaints regarding both attacks and phishing sites related to your account.

In examining the issue it is apparent that, while some malware is new, the intrusion stretches back into other previous intrusions that were not fully and appropriately addressed. As mentioned during the prior incident, there were still issues of which you were informed that were dormant issues from yet prior exploits that were not addressed, and that password protections put in place by Pair Networks were circumvented.

This remediation list will need to be fully addressed:
- Remove any malicious files and/or code injections
- Upgrade all WordPress installs to the latest release
- Update all WordPress plugins
- Update all WordPress themes
- Change all WordPress passwords
- Change WordPress database passwords and SALTs
- Check that no malicious users were added to the various backends
- Adjust insecure, world-writable permissions. Typically, files/directories shouldn't have permissions higher than 755. However, "the lower, the better" is a good rule to follow. This is especially true with regards to config files, which should never have permissions higher than 600.

To allow you access to perform these tasks, we have set up password protection so that you can work without risking further intrusion or malware spread. You will need the following credentials to gain access:"
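The last remediation item (no world-writable paths, config files no more open than 600) is the one that is easy to verify mechanically and easy to regress on after a plugin update or an FTP upload. Below is an added example, not part of the original post or of Pair Networks' letter, of a small POSIX shell audit that reports exactly those two conditions in a WordPress tree, plus a hardening function that applies the common 755 directories / 644 files / 600 wp-config.php convention (the 644 for ordinary files is a widespread WordPress recommendation, not something the letter states). It assumes GNU coreutils (`stat -c %a`) as found on a Linux host; the sample tree it builds under `mktemp -d` is constructed for the demonstration and is not a real site.

```shell
#!/bin/sh
# Added example (not from the original post or the hosting provider).
# Audits a WordPress directory tree for the two permission problems named in
# the remediation list. Assumes GNU coreutils `stat -c %a` (Linux).

# audit_perms DIR: print one line per finding:
#   "world-writable  MODE  PATH"  for any non-symlink with the o+w bit (octal 002) set
#   "config-exposed  MODE  PATH"  for any wp-config.php with any group/other bit set
audit_perms() {
  dir="$1"
  # World-writable paths. Symlink modes are meaningless, so skip them.
  find "$dir" ! -type l -perm -002 | while IFS= read -r p; do
    printf 'world-writable  %s  %s\n' "$(stat -c %a "$p")" "$p"
  done
  # wp-config.php: the letter says never above 600, i.e. group and other must be 0.
  find "$dir" -type f -name wp-config.php | while IFS= read -r p; do
    mode=$(stat -c %a "$p")
    grp_oth=${mode#"${mode%??}"}      # last two octal digits = group, other
    [ "$grp_oth" = "00" ] || printf 'config-exposed  %s  %s\n' "$mode" "$p"
  done
}

# audit_count DIR: number of findings (0 means the tree passes this check).
audit_count() {
  audit_perms "$1" | wc -l | tr -d ' '
}

# harden_perms DIR: directories 755, files 644, wp-config.php 600.
# Run this as the account owner; it does not change ownership.
harden_perms() {
  dir="$1"
  find "$dir" -type d -exec chmod 755 {} +
  find "$dir" -type f -exec chmod 644 {} +
  find "$dir" -type f -name wp-config.php -exec chmod 600 {} +
}

# make_sample_tree: constructed demo tree with three deliberate findings
# (a 777 uploads directory, a 666 file inside it, a 644 wp-config.php).
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/uploads"
  : > "$root/index.php";                   chmod 644 "$root/index.php"
  : > "$root/wp-config.php";               chmod 644 "$root/wp-config.php"
  : > "$root/wp-content/uploads/x.php";    chmod 666 "$root/wp-content/uploads/x.php"
  chmod 777 "$root/wp-content/uploads"
  printf '%s\n' "$root"
}

# Stand-alone demo: audit the constructed tree, harden it, audit again.
demo_root=$(make_sample_tree)
echo "before hardening:"; audit_perms "$demo_root"
harden_perms "$demo_root"
echo "findings after hardening: $(audit_count "$demo_root")"
rm -rf "$demo_root"
```

Running `audit_perms /path/to/public_html` on the real account is the check; an empty result is what the letter asks for. Keep the audit in cron or a deploy step, because a fresh plugin or theme upload is the usual way a tree that was clean after remediation picks up a 777 directory again.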