Assistance to understand and resolve malicious code in my WordPress index.php

Question

I had a WordPress site that was hacked twice in a matter of 10 days. In both cases, I found an admin account that somehow created, even though I had the registration disable