Keep getting hacked ?

Hi, would like to know what am i doing wrong and whats the best way to get rid off.

Ive been hacked … There is a script that keeps appearing in my header.php inside theme folder.

I try using default theme for a few days… I still get it.

I have deleted everything in my wordpresss site…
Everything apart from images related to posts and then i have installed everything fresh …

i added a security plugin, checked file permissions, changed login url …

Only 2 days later again i found the header.php file modified …and a script added …

Here its the error log.

[04-Jul-2016 06:12:21 America/Chicago] PHP Fatal error: Call to undefined function get_header() in /home/anunturi/public_html/test/newspaper/wp-content/themes/Design_look/index.php on line 6

iThemes Security has:
Local Brute Force Protection
404 Detection
File Change Detection
check File Permissions
Network Brute Force Protection
Hide Backend … change wp-admin and wp-login to something else

and i still got hacked again … how is this possible ?

i have scanned for backdoors …. nothing found.

Thanks

https://www.ads-software.com/plugins/better-wp-security/