While it is possible to accidentally move your website from one insecure service to another, it does sound like you are transporting the problem with you as you move your website around.
The usual entry points for *repeat* attackers are via some vulnerability that allows them either 1) upload a rogue file, or 2) to add rogue code into your website core files, or database, in order for them to return and repeat attacks.
Mostly these attacks are possible due to website core files or plugins and themes that were not kept up to date, but in some instances, attackers have been able to exploit unknown security vulnerabilities in WordPress core code, in 3rd party themes and plugins.
So you will need to go through your website files with a fine tooth comb to identify firstly are there files there that should not be there. Secondly upload a new set of WordPress files to your site to overwrite the ones that are there (EXCEPT the wp-config.php file which you will need to manually vet).
If you find rogue malware files in your fileset, then you have merely discovered the tools the attackers are using to deface your website, this does not explain how it was that these files were on your website in the first place.
You need to look at the plugins and themes you have. These are the most likely entry point that attackers use regularly to seed websites with malware tools. The point again is to not just merely remove the malware files, which seems to be a common theme in support threads and with security plugins, but to actually discover how it was possible for an attacker to load your website with the necessary code tools that allows it to be attacked over and over again even after moving webservers.
If you need a hand with that, after following the steps above, and in the post above as well, come back here and list the themes and plugins you have and we can take a look at theme to see if any could be the cause of this security breach.
