I would like to explain why WordPress malware (tampering) spreads to all sites on the server.

On a shared server, it is unlikely that the server itself has been hacked.

If all (or many) of the sites on your server are infected with malware, you may wonder if the server itself has been hacked by hackers.
However, if a major shared server itself is hacked, it means that all users’ sites on it can be defaced, which is a serious situation. (It would probably be a case of a flawed server management company that would be reported as news.)

As far as we know, this has never happened on a shared server, and in most cases, the vulnerability of the WordPress site you have on your server was breached, and the infection spread from one site to the others.

Since the root folder of a shared server is shared by multiple sites, if one of those sites is infected with malware, the other sites may be at risk as well.

The figure below shows the folder structure of a shared server. You can see that the folders of multiple sites share a single root folder.

Malware is increasingly scanning this folder structure and writing malware to all sites sharing the root folder.
This means that even if no other sites are vulnerable, a single WordPress site can cause the infection to spread to all sites on the server.

If one site on your server becomes infected, we recommend that you perform malware scanning and security measures on all sites on your server.
The following are some of the free measures that can be taken

[Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Five free WordPress security measures