Great advice to follow, definately use it. From the standpoint of security it's all preventative. When I was training in intrustion detection, preventative was the first part of security. Prevention, Detection, and Response.
We already know that someone is doing something. It's the traditional response to change passwords, add another layer of security, etc. (What we call the fortress mentality).
For someone who's been doing this for the better part of 10 years, I'd say that if after all of the advice is followed, if you still have problems then it would be time to go to detection and response. You already said that you made some changes and it still occurred, and that's why I asked for the logs.
If it continues, then you're dealing with a legit hack, either a person or an outside program that's deliberately making changes. If it continues then adding another layer to the onion won't help. There would need to be a more direct response.
You run a commercial site. Most people would say "ok she's got a site and someone's messing with it, big deal" but as your site is commercial and could viably offer competition to some big names, then I would not count out that you have someone trying to cripple your site.
Think about it.