Your FTP methods are a possible entry point, but with a strong password you change often, it's a lot less likely. The thing with regular FTP (not SFTP) is that with every file you transfer, the user name and password is transferred in clear text. If someone is sniffing the data in transit, it's a possibility.
Given the conditions you describe, I'd be more inclined to think it's some condition out of your control (strictly, 100%, unverified *conjecture.*) I'd close shop and move your site to a different hosting service. A new start always help give benchmarks against security issues.