Standard WordPress security (username and password) isn’t enough to protect you – they’re not logging in, they’re being sneakier than that!
What you need is to harden your security – rename your admin account, change the id of the admin user, change the wp_ prefix on all the database tables, etc.
Then you need to actively monitor and block all known hackers from even getting as far as your site in the first place – blacklist them!
I can do this for you, as I have on all my own sites, for the last few years. There are rather a lot of them, and they’re all secure, so I know what we’re doing.
Before order a gig please discuss with me.
I will fix wordpress css issues and small problem of your wordpress site