In my wordpress installation, wp-blog-header.php and index.php are being constantly changed by a hacker. One concerning issue is that both files are root:nginx 0600. However, they are able to change them to nginx:nginx 0777. They can rename...