Wordpress being compromised continually

I have 6 Wordpress websites that I have hosted by unlimitedwebhosting.co.uk that are non-multisite but using the same shared hosting account.

I run the Wordfence plugin on each of the sites and it alerts me to any security issues on the site. Every few weeks or so, I am being alerted to code that has changed on the sites. The latest changes have been that the wp-config.php file has been modified and functions have been added.

Can you advise how I am best to head this off?

I have installed a plugin that keeps the site plugins up to date automatically and I have wordpress updates also set to happen automatically.

Is it possible that the problem lies with my hosting provider? I have asked them to check their audit logs and they cannot see anything so are pointing to software.