it has found sitemap.xml which has malicious software inserted when my server was hacked about 1 month ago; but I did not delete it at all. I have now deleted it and created a new one.
That only doesn't help you i guess! ( meaning if this is you only measurement..., and again proof you need extern help on your box)
Content in the WP database.... s user settings user rights and so on.
Yes, sir, you are right because all my Wordpress website have the same files being modified at the same time. So the issue may be from ROOT where the previous hackers installed malware.
And this if it are your websites meaning under one USER (YOU) ?
Then no that doesn't mean user Root is hacked. ( could but no musn't)
And all those things you write in that way, is why i did give you advice to hire someone, and install complete clean new WP as
@zEitEr advised he can do some for you maybe..
You didn't even listen to most of advice from them ( users trying to help you here with their time in this topic) to scan with real scanners, "wordfence" is only is so ...
But the best thing would be to clean install a WP site and import it's content.
So it could be there is more time now between yes no hacked sites, but it comes back i am pretty sure about that, if you did only the things you did write here sofar, sorry.
You didn't even post the real complete result malware found in that sitemap .xml file, while there should be more info about that to, for support are such things very important! ( a sitemap.xml for example is very easy to detect yes of no code in it, and with those code it could be more easy to find out about the hack) (
you did as example write you deleted those? if yes all then bad bad, support for making things clean need infected files to know more about hacks)
Oyea probably if sitemap xml is really hacked you also have problem to set the user rights to those needed. ( only guessing here
)
And people knowing me, know i am a nice person, so i mean it well for you! my critism..