Malicious code is back again after in a few days/hours

Some of my websites are getting hacked by uploading malicious files and modifying WordPress core files. When I fixed it, it is a matter of days/hours when the malicious code is back again.

Besides hosting and WordPress itself I don’t see what else have affected websistes in common. This is happening last few months. I keep WordPress as well as all plugins updated.

The attack consists of uploading wp-includes/license.txt file and including this file in wp-includes/wp-db.php.

I am using iThemes security, WP Defender and the Defender is the one who finds the modified files. But is not able to prevent it and I have php file edit is disabled