After the second hack, we did all the necessary things written here - https://wordpress.org/support/article/hardening-wordpress/ , https://security.stackexchange.com/a/180925 and we also changed the file permission (wp-config.php to 400). We added WordFence, Limit Login and Bad Robot Black hole plugin to secure the installation.
The hack redirects my site to another site.
We run WP 5.4.1 with the theme https://gracethemes.com/themes/music-wordpress-theme/. All plugins and theme are updated.
How can I prevent future attacks?
Added below in wp-config.php
define('DISALLOW_FILE_EDIT', true);
Added below in htaccess
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
<files wp-config.php>
order allow,deny
deny from all
</files>
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>