WordPress Security/Troubleshooting Specialist Needed

I am looking for an experienced WordPress security/troubleshooting specialist to investigate an ongoing issue on my website. The website was previously hacked and has been restored, but I need someone to ensure all security measures are in place and troubleshoot any remaining issues. The ideal candidate will have a strong background in WordPress security and troubleshooting, and be able to identify and fix vulnerabilities effectively. Current situation: Spam posts are created as drafts (not published). I delete them, but new ones continue to appear. The content has been in multiple languages (initially Russian, now English). Wordfence malware scans are clean. No unknown users exist. Wordfence is blocking normal brute-force login attempts. Plugins have been reviewed and unnecessary plugins removed where appropriate. Website otherwise functions normally. I need someone to: Identify what is creating these draft posts. Confirm whether this is caused by malware, a compromised plugin/theme, scheduled task, database issue, or another source. Remove the cause. Confirm the website is secure and explain what was found. Important: I can provide WordPress administrator access. I cannot provide hosting or domain access. Please only apply if you have experience investigating hacked or compromised WordPress websites. When applying, please include: Similar WordPress security work you have completed. How you would investigate this issue. An estimate of the time required.