Thanks for posting this info but I think I just got this issue resolved. Another user had the exact same problem and they sent me access to that file so that I could see what went wrong. I have already just now released a new definition update that fixes this issue so that the whole threat will be removed from your wp-config.php file in future scans. Please update the definitions and let me know if you have any more problems with removing this threat.
This could be a permission issue, or script timeout, or even a memory_limit. The only way to be sure is to check you error_log files when after you get these errors to see what PHP logs as the cause of the issue.
Try adding the word cache to the list of directories to be skipped and see if it will complete the scan then.
You could also check the error_log files on your server to see if it will tell you why it was unable to scan that directory.
When the files are cleaned the malicious content is removed from the file but the file is not deleted, and a backup copy of the infected file (prior to the cleaning) is saved as a custom post type in your database for your review or further study. The backup records can be viewed and deleted from the Quarantine page and you can purge them from the database when you are done cleaning up the site and are sure that you will have no further need of these records.
Thanks for sending me this new variant. I have added this version to my definition updates. Please download the latest definition update and let me know if it still doesn’t get them all 
Thanks for the follow-up and for sending me those files to look at
I verified that none of those files contain any malicious code and specifically that all the code in the failes that were found by that other plugin are False Positives.
I don’t know much about that Shield Security plugin, and I cannot say for sure if any of these are real threats or just false positives, but it looks to me like these files have been flagged by that other plugin for string matches that could could easily have reasonable explanations and benign uses.
If you would like to email these files directly to me then I would be willing to confirm for you that they are clean.
Did you find this code in your DB?
I checked it against my current definition and it should be found by my DB Scan.
If this code is found in a file then please send me this file so that I can recheck it.
I have fixed the issue with non-secure sites being redirected to HTTPS and thus not passing the registration info. Please try again and let me know if it’s still not working for you.
There is and “Email Eli” link on the Anti-Malware Settings page in your wp-admin, or you can reply directly to and email notices that you receive from my site (like this one you got when I replied ; )
You can always email me directly with screenshots any other personal information that you don’t want to post here.
Mark, You have 5 sites registered to your account so it would appear you have this working. If you don’t see your site registered on your end then it might be a caching issue. Try refreshing your wp-admin and if it still shows you that it is not registered then send me a screenshot so that I can lookup your key and figure out where the problem is.
Sorry for my extremely late reply, I didn’t get any notification of any posts around this time and I have been preoccupied with my grandson’s urgent care.
I have been working on a script that can be run server-side to check the core files but it is still in the testing phase and I haven’t had time to work on it lately. There is no part of my plugin that can run independently from WordPress at this time however I am also working on a scheduled scan feature that will tie into a future release of my plugin.
I am very sorry for my extremely late reply, I didn’t get any notification of any posts around this time.
The optional Brute-Force Login Protection checks for valid session before allowing WordPress to authenticate the user if the server is unable to create a persistent session for that user then the login is rejected. If you refresh your login page and you still get that error with the Brute-Force Protection enabled then there must be something wrong with the session files on your server, because otherwise you would not have been able to enable that feature in the first place.
Now that you can log into your wp-admin you can try enabling my plugin again but then go to the Firewall Settings and disable the Brute-Force Login Protection. Once it has been disabled you can try enabling it again, which should only work if the session capabilities on your server are function properly.
I don’t see this redirect on your site. Can you send me an example of the source code that redirects you? You may need to go to your Google Webmaster Tools account or Google Search Console and view your site through the “Fetch as Google bot” tool to see what Google is seeing on your site.
