Your scanner isn’t picking up the injection Sucuri is finding and I have updated definitions. I can’t even find these injections manually in the code myself. Any help you can provide would be appreciated.
That is because this threat is usually not in any of your files. Instead, this malicious HTML is injected directly into your database. You’ll need to look in your post/page content (using the text tab so that you can see the HTML tags that you don’t want there) and remove the unwanted text manually.
Your bigger problem is that the hacker(s) will likely still have remote access to your database and they can re-inject this unwanted content. There was a widespread outbreak of this particular threat on TSOHOST recently and a number of their customers reported repeated hacks without any recourse to stop them from injecting the same links into their database.
I would suggest changing your DB_PASS and updating your wp-config.php file. If that does not stop repeated infections then you may have to look for a more secure host.
So I haven’t been able to find anything in the DB and the injection remains when I switch all the plugins off and change the theme…Going to rebuild it next but quick question…In your plugin in should I be able to check the box for “Core File Changes” after I donated? It’s still a red circle with an x in it.
This plugin is one of those I immediately install after setting up a new wordpress. It is easy to run a complete scan of the wordpress-site and the anti malware plugin even repairs infected files. This feature saves a lot of time, if many files of the custom-files in a wordpress-installation got infected. I am really happy that I found this plugin! Thanks Eli! -- Sir Apfelot