One of the sites that I monitor started to show spam posts under one of the admin accounts. I changed the password, logged out any other instances of users, and replaced the salt strings in the wp-config.php file.
A day later they were back. The site showed 13 spam posts under the same admin account. The site has been locked down pretty good. I have AIO Security, Wordfence, and Sucuri plugins installed. I keep a pretty close eye on the file system myself, and everything has been kept up to date.
I have yet to figure out how the posts are being made, but luckily on this site they don’t really matter as the posts are not incorporated into the theme, but it’s still a huge annoying pain in the ass.
I looked around and found a way to prevent posts from being made. Hopefully that takes care of the problem.
Below is the code I added to my [theme]/functions.php to prevent post creation
https://gist.github.com/Critter/a8f8ba78a1165420e8a5