hi excuse me for the code, i have now the picture, to you know how he worked?
i got also an info!
in general it's not from the folder permission; if you are on a shared hosting system you should ask your host and also check any extra users in wordpress and delete the extra ones;
If you are on a vps or a private server, the problem is more complex as you may have a door in the server script and most likely a root user that is used by the hack script;
regards
Peter