It turned out to be the config file that was being trashed.
This is a major hole in wordpress security, because it never gets
changed in an update.
There turned out to be two problems — the one that almost
certainly led to the hack was that it was world-readable, which
shouldn’t have happened, and if it did, an update should have
Googling about the problem also led to reading about the secret
keys which should be included in your config file, but weren’t
in mine because I’ve been automatically upgrading since before
that feature was implemented.
Both of these problems seem to me to be design flaws in the
wordpress system. I am investigating Drupal as an alternative, but
it’s unlikely to become the site’s underlying technology for at
least a few months. I’m still interested in hearing about
people’s experiences moving a wordpress site to something else.