Security is a fickle thing. From what I'm reading almost everyone has assumed, 'website hack, it's godaddy' - however if you all followed the process, I first asked for the logs. The reason would be to help establish a pattern "to identify the source" whether it was internal or external.
She couldn't provide the logs so the process of elimination started, beginning with her own computer. It stands that the most simple explainations are often the most true. I'm a trained security expert and what I saw, but didn't say was that changes to her site was being made after she made an upload to her website.
It as more likely that someone had her username/password and was monitoring changes to her site so they can make changes of their own.
Hence I asked her to scan her computer for things like keyloggers, trojans, etc using specific software and she did find one. One that has a history of corruption and security risks via the browser.
That's why I asked her how she logged in to godaddy and directed her to use a software like CuteFTP.
I recommended CuteFTP because of all the programs I use, including winscp and others, CuteFTP is the most simple approach and it has all of the options that I've ever needed in nearly 10 years of development.
She needed a fast, simple way of uploading changes to her server without compromise from the browser and CuteFTP is a very good and affordable solution. The only time I really use winscp is for managing and issuing keys to contractors I hire that need server access.
This was not meant to become a debate on which program is the best to use. Everyone has their preferences.