Yeah the ths one we left behind is now hacked too (it was clean when the last one happened). That WP install will need to go as well. Do you want me to discard the contents of that domain and check the others again?
Wordpress gets hacked on other hosts too, it's not unique to us. I've personally had it happen to sites I manage for people on GoDaddy and 1&1. Securing WP simply isn't worth the effort anymore. Cybercriminals have bots that can and will break into thousands of WP installations within a few hours of a new vulnerability becoming available (and you can bet those are being found via AI now too), long before any patches are available. Then there's the cybercriminals who release free extensions and themes for WP that come with a backdoor included so they can hack anyone who uses them.
If you take a look at your logs, I'll bet your other sites have tons of random IPs in their logs with failed requests for wp-login.php xmlrpc.php and similar WP-related files. Those are all bots trying to break into nonexistent WP installs...