upgrading wordpress won't help if you didn't clean your database.
Besides that, if your sites makes any money and you can afford spending a few hundred dollars a year, look for a vulnerability scanner and subscribe to it. This assures you that the minute a new exploit is discovered to the security world, it is tested on your site to make sure that you are safe.
In your case, I'm not sure that the wordpress is the problem, since you said that you have upgraded more than once. It might be that in one of the previous hacks a backdoor was installed on your server and now it is used every now and then. There are scanners that can discover these backdoors as well.