Keep in mind FTP sends your password in CLEAR TEXT. So the potential for compromise is definitely there.

Another thing to consider, is your FTP password UNIQUE to your hosting? Are you sure you're not using it ANYWHERE else? No other accounts, websites, etc?

How secure is your EMAIL password? I've been involved in cases where the "weak link" was actually the EMAIL password and the culprit was just sending "forgot passwords" to the email and deleting the evidence from the email box while everyone was too busy focusing on the compromised server to notice.

Just a few things that came to mind... some other things of course would be a social engineering approach with your ISP or some software vulnerability on your server or one of the packages you're hosting.

There's more (obviously) but those are typically the "usual suspects".


UPDATE:

Based on this new information (that the hacker is not using FTP to change your files) I can only assume that the most likely cause is probably an unsecured web app.

That's not the ONLY thing it can be, but in cases like this it is the most likely.

Another thing to consider (and check for) is if he left himself some sort of "back door" to your app. I seem to recall you mentioning before that your ISP said he came in via FTP. Is it possible he came in via FTP the first time and left himself a back door?

Also, it's a shot in the dark, but I have personally witnessed compromised boxes where a hacker only came in ONE time but left a cron job that kept changing files and other various evil. Is it possible that the hacker DIDN'T come back and you're dealing with an automated script? Just something to check if you feel you've exhausted all other possibilities.

Finally, do you have access to your web logs, system logs, etc? If so, what do they say? Do they reveal any clues?


You might want to read Detail Post-Mortem of a WordPress Hack. Another post that gives a lot of information about a WordPress blog hack with links. WordPress itself has an FAQ about what to do after your blog has been hacked.

WordPress is a heavily targeted application just because of its popularity. Fighting hackers of those sites is a full-time job. From your description, it sounds like someone has found an exploit of WordPress and is using it to their full advantage. You sound like you're doing everything right so far, but I'm thinking that the attacker is dropping a file into your site and then attacking from that direction. The first link I pointed you to goes into a very detailed description of this and what steps they took to counter it.

In the end, you might have to think about changing from WordPress to another blogging application. Good luck defending yourself, and hope this helps some.
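The checks suggested in the two answers above (a leftover cron job that keeps changing files, a dropped back-door file), as an added triage script that is not part of the original answers. It assumes shell (SSH) access to the hosting account, a WordPress site under the directory you pass in, and a 7-day look-back; the function names are made up for this example.

```shell
#!/bin/sh
# Added triage example; not from the original answers.
# Assumptions: SSH access to the hosting account, a WordPress site under
# the directory passed as WEBROOT, and a default 7-day look-back.

# Files under DIR modified within the last DAYS days.
recent_changes() (
    dir=$1; days=${2:-7}
    find "$dir" -type f -mtime "-$days" -print | sort
)

# PHP files under wp-content/uploads. That directory normally holds media,
# so any script found there deserves a manual look.
php_in_uploads() (
    up="$1/wp-content/uploads"
    [ -d "$up" ] || exit 0
    find "$up" -type f -name '*.[pP][hH][pP]' -print | sort
)

# Active crontab entries read from stdin: drops blank lines and comments,
# keeps schedule lines and environment assignments for review.
active_cron_entries() {
    grep -Ev '^[[:space:]]*(#|$)' || true
}

triage() (
    webroot=$1; days=${2:-7}
    echo "== files changed in the last $days days under $webroot"
    recent_changes "$webroot" "$days"
    echo "== PHP files in uploads"
    php_in_uploads "$webroot"
    echo "== active cron entries for $(id -un)"
    crontab -l 2>/dev/null | active_cron_entries
)

# Usage: sh triage.sh /path/to/webroot [days]
if [ "$#" -gt 0 ]; then triage "$@"; fi
```

Compare the list of changed files against the times you last edited or updated the site yourself; anything changed outside those windows is where to start reading the web logs.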


GoDaddy gives you SSH access and you could connect to your account using Putty.exe on port 22. Once you are connected you can use Putty to create 2 proxy/tunnels on port 20 and 21. Then you can use ftp through the secured tunnel to get to your files.

Or, better yet, you can just do that same thing much simpler using the PSFTP.exe command or you can connect to port 22 with FileZilla client.


Silly question, but - have you tried changing password and using another computer whatsoever? Maybe there is a keystroke logger on your PC.

I suspect a prank here, or at least a targeted attack. Is anyone you know willing to play such a joke..?

Step out of the box before getting too paranoid. It helps.

PS: or perhaps a misused WordPress theme. Or wrong credentials on DB access.