I have 6 Wordpress websites that I have hosted by unlimitedwebhosting.co.uk that are non-multisite but using the same shared hosting account.
I run the Wordfence plugin on each of the sites and it alerts me to any security issues on the site. Every few weeks or so, I am being alerted to code that has changed on the sites. The latest changes have been that the wp-config.php file has been modified and functions have been added.
Can you advise how I am best to head this off?
I have installed a plugin that keeps the site plugins up to date automatically and I have wordpress updates also set to happen automatically.
Is it possible that the problem lies with my hosting provider? I have asked them to check their audit logs and they cannot see anything so are pointing to software.