I have 3 websites which are constantly hacked and subject to Trojans etc. 2 are WP sites.
1. You need to run free reports on [url removed, login to view] and identify virus files that need to be removed. Make sure you save backups.
2. You need to install human captcha (available as a plugin) on all pages that have form submission (I think less than 4 in total)
3. You need to provide adequate security measures such as cpanel, hosting and WP password changes.