1. Keep Wordpress up to date.
2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (
The Right Way to Remove WordPress Version Number)
5. Don't use Wordpress on sites that don't really need to be Wordpress.
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.
Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.