Did you find this code in your DB?
I checked it against my current definition and it should be found by my DB Scan.
If this code is found in a file then please send me this file so that I can recheck it.
I have fixed the issue with non-secure sites being redirected to HTTPS and thus not passing the registration info. Please try again and let me know if it’s still not working for you.
There is and “Email Eli” link on the Anti-Malware Settings page in your wp-admin, or you can reply directly to and email notices that you receive from my site (like this one you got when I replied ; )
You can always email me directly with screenshots any other personal information that you don’t want to post here.
Mark, You have 5 sites registered to your account so it would appear you have this working. If you don’t see your site registered on your end then it might be a caching issue. Try refreshing your wp-admin and if it still shows you that it is not registered then send me a screenshot so that I can lookup your key and figure out where the problem is.
Sorry for my extremely late reply, I didn’t get any notification of any posts around this time and I have been preoccupied with my grandson’s urgent care.
I have been working on a script that can be run server-side to check the core files but it is still in the testing phase and I haven’t had time to work on it lately. There is no part of my plugin that can run independently from WordPress at this time however I am also working on a scheduled scan feature that will tie into a future release of my plugin.
I am very sorry for my extremely late reply, I didn’t get any notification of any posts around this time.
The optional Brute-Force Login Protection checks for valid session before allowing WordPress to authenticate the user if the server is unable to create a persistent session for that user then the login is rejected. If you refresh your login page and you still get that error with the Brute-Force Protection enabled then there must be something wrong with the session files on your server, because otherwise you would not have been able to enable that feature in the first place.
Now that you can log into your wp-admin you can try enabling my plugin again but then go to the Firewall Settings and disable the Brute-Force Login Protection. Once it has been disabled you can try enabling it again, which should only work if the session capabilities on your server are function properly.
I don’t see this redirect on your site. Can you send me an example of the source code that redirects you? You may need to go to your Google Webmaster Tools account or Google Search Console and view your site through the “Fetch as Google bot” tool to see what Google is seeing on your site.
I am so sorry for my extremely late reply, I didn’t get any notification of your posts here.
In any case I cannot find any record of your donation. Can you please email me directly with the transaction number so that I can look it up and get this fixed for you?
Yes, please send me any new malicious scripts that you find so that I can get them added to my definition updates.
Please try again with version JB3Bi and let me know if it’s still not working.
I would hope that you don’t have to completely reload your site from scratch. If you want to send me the URL then I can take a look at it for you.
My plugin should run smoothly in conjunction with other security plugins, although I have had instances come up in the past with some other firewall filters that block my definition updates and even one instance of a firewall rule that blocked my scan page, but you can usually white-list these occurrences or disable the other firewall if it does interfere.
My Super Secure Hosting is available for $12/month per site to those who really need a place where their site will not be reinfected again. I recommend it for sites that are pro to attack or sites that just won’t stay clean on their current server. Once they are hosted on one of my servers they will not get hacked again.
I have already answered your “linkangood” questions on the support forums at wordpress.org, and the malicious “linkangood” scripts have been added to my definition updates, but I wanted to follow up here so that this issue would have the resolution posted and also to try and answer your second question here.
If your copy of WordPress is installed into a sub-sirectory under the public_html directory then it is the sub-directory where WordPress is installed that will be the root directory to be scanned. If you have a copy of WordPress is installed into the public_html directory then the scanner can start there and will then be able to scan all the sub-directories inside it.
I have added this script to my definition updates.
I just want to point out that this is ad code from a legitimate ad network, that is being used in this particular case by a user of their services to promote ads on your site without your permission. While these ads were injected into your content maliciously and without your consent it was not the fault of the ad network, however I do feel that they are partly responsible for allowing the misuse of their ad network to promote their ads on sites that have not given consent. It would be wise for them to require verification of consent by the site owner before rendering ads on their site.
Yes, let’s hope that changing the password is all you need to do to stop the hacks.
If it does come back though then I do offer Super Secure Hosting for $12/month per site, and I guarantee that will stop these hacks 
