Using free templates shouldn't impact your site's security. I am assuming that your deleting suspicious files from the server end? If this is the case seems like you have a vulnerability within your server, not Q2A. There isn't much information provided for the community to help, if we're being honest. If I were you I would do the following:
First, gather information on visitors. You can do this through analytics. You can use google or host your own software to do this. I host my own analytics software so, I can control my data and monitor all of my websites. Gathering information such as ip address, location, browser data, operating system, time spent on website, etc..., will allow you to see if it's the same visitor or multiple visitors.
Once you have more information then you might have a better idea of what your looking for. I would also reach out to your hosting provider to see if they know of any server vulnerabilities.
If your using Ftp or a control panel to access files change your passwords. Don't use basic passwords, there are password generators that can help you to create stronger passwords.
If your managing your own servers make sure all software is current. Update any outdated software because outdated = vulnerability.
I hope this information is useful!
