Logical explanations are:
You have a plugin or theme installed that is unlocking your root .htaccess file with CHMOD and then using the WordPress flush_rewrite_rules() function to flush your root .htaccess file code and replace it with the standard WordPress rewrite .htaccess code. You would need to search through all of your plugin or theme code and look for the php CHMOD function to find out what is doing this.
Your Host Server is automatically replacing your root .htaccess file. Your Host Server has full control of all files/folders and permissions. You would contact your Web Host and ask them if they do something like this.
Your website was hacked at some point and was never completely cleaned, restored or reinstalled and is still hacked. If the .htaccess code in your root .htaccess file is ONLY the WordPress standard .htaccess code and does not contain any other code hidden in your root .htaccess file then this issue/problem is being caused by the first two logical explanations and your site is not hacked. To check your root .htaccess file for hidden hacker code – copy the contents of your root .htaccess file to a Word document on your computer. This will force all the .htaccess code in your root .htaccess file to be displayed if it has been added with whitespaces to push/hide the .htaccess code out of plain view/sight.
.
