Hacked 5 times in 10 days

My site (https://paindoctors.co.nz) has been hacked 5 times in the last 10 days. I’m at my wits end and don’t know what to try next.

Things I have tried so far:

– Completely deleted everything on my account including the database and reinstalled latest wordpress version (did this twice).
– Installed some security plugins (exploit-scanner, login lockdown, secure-wordpress and wordpress firewall)
– I uploaded an html .index to my plugins folder to hide my plugins.
– I scanned my computer for malware (though I use a Mac and it’s less likely to be infected)
– I changed all the passwords on my account at least twice after reinstalling wordpress, and I’m using very strong passwords
– I changed the security keys in wp-config.php
– scanned my site using Dr Web (by the way, I scanned it using Dr Web after it had been hacked and before I restored it and it came up clean!)
– I have had no plugins installed since the last time I reinstalled wordpress in case they were getting in through plugins.
– I’ve asked my hosting provider (Hostgator) for help and they don’t seem to be able to prevent the problem.

One thing I have noticed in my FTP program is a .htaccess file keeps appearing in my root folder. I keep deleting it (after reading hackers can create these files) and it keeps reappearing. The code on this file reads:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

I don’t know php so don’t know if there is a problem with this.

I have just restored the site from a back up.

I’d very much appreciate any help with this problem.
Thanks in advance.