Malware script injected in index.php

A friend advised me last week that her AV sent an alarm that my site was infected with malware. Unfortunately, I’m not techie enough to how to clean it and my webhost does not support “tracing” where it originated an only offered to nuke the site, or restore an old backup. I opted to have the the previous week’s back up restored since the host said it “looked clean”. Exactly a week after, I checked with sucuri.net and got a malware alarm again. This is what it shows: https://pastebin.com/5RSiJta1

I already changed all passwords (site, ftp and host pw), updated WP, plugins, etc., changed keys/salts in wp-config but my site is still infected. I manually remove the script in index.php after a couple of hours or so just so the site won’t be blacklisted. Any help is appreciated on how I can find where the script is originating from, or what I should look for.

I tried to find eval(p,a,c,k,e,r using textcrawler on the files but I can’t seem to find one, as well as any occurence of strrev. My site is mytotsexactly.com

On a shared host, 6 WP sites are infected and 1 Joomla site).