I have 2 Wordpress installations. Vaultpress has cleaned them, but the malware simply returns.
Yes - I removed most plugins, use string pw's, use SFTP, kept WP updated and removed themes not being use.
Judging from the comments on status.dreamhost.com this is widespread.
What else can we do to stop this? It's been several days and I see no solution in site