I keep repeatedly removing the virus, clean the website and change password.
Example WordPress:
- I deleted wp-admin, wp-includes and replace with new wordpress including similar file like wp-comments-post.php,wp-cron.php and etc.
- Deleted plugins and replaced same fresh plugins.
- Deleted parent theme and replace a new same theme.
- Checked upload folder if there's files that have still virus.
- removing all suspicious script like eval() and base64.
- Changed password cpanel and ftp, also I checked if there's a other ftp accounts.
- Changed Keys and Salts in the wp-config.php
- Checked child theme if there's suspicious script.
But someone still accessing the website and put a virus. So I think there's a file that have less security.