This error means that the Nonce Token was not sent to the page. On what page do you get this error (what is the URL)?
You can reply directly to my email if you do not want the URL posted on the forum.
I am glad my plugin was helpful to you and fixed your problem on that site, and I hope it helps you with your other sites too.
Honestly, the best way to protect your site is to host it on a Super Secure Server, that is why I created Super Secure Hosting. That is the only way I know of to be sure that your site won’t get infected again. I have moved hundreds of infected sites to my specially secured servers and none of them have been reinfected since.
You can sign up here if you are interested:
https://supersecurehosting.com/signup/
Hey, I just found this unanswered topic, sorry, I didn’t receive the email notification when you posted it.
Anyway, I looked at you site and I can see the offending script, I just need to track down the source of the infection. Would you be willing to give me your wp-admin login so that I can find it and add it to my definition updates? If so, please send me a direct email, do not post the info on the forum.
It may not be related to your WordPress install directly, it could be coming from another user’s site on that server, typical shared hosting accounts are not very secure.
The best thing to do for the security of your site would be to move it to a more secure server. I do offer Super Secure Hosting for $12/month per site. If you just have this one site to worry about then you should just move the site to my server and be done with this. I have moved hundreds of infected sites to my servers and non of them have ever been reinfected again since.
I got your other direct email so if you are interested in hosting with my you can send me your hosting details directly to my email and I can move the site for you.
If you are getting reinfected with the same or similar threats repeatedly then the root vulnerability that let in the hack the first time is still there.
If this hack is coming in through a server vulnerability or from another infected site on the same server then there is no plugin that you can put on this site that will stop it for good. You need to find the root cause, the source of the infection.
Is this a shared hosting account?
If so, how many sites do you have on your account?
Sucuri caches their results, so those threats were already fixed. I clicked the “Force a Re-scan” link at the bottom:
*Cached results from more than 2 days ago. Force a Re-scan to clear the cache.
and now all it shows is a link you a counter site witch might be a false positive but you can probably remove it anyway.
This is the Brute-Force Protection, which you can disable on the Firewall Options page in your wp-admin, under Anti-Malware.
Sorry about that, I just fixed it, so It is working now, thanks 
It may be coming in from another account on the server. The best thing to do would be to move your site to a more secure hosting environment. I offer Super Secure Hosting if you are interested, it’s $12/month per site and you will not get reinfected on my server
I see that your site in is a subdirectory on a HostGator shared hosting account. It would be most effective if you could scan the site_root or even the account root. There could be other infected sites on this server that are reinfecting your site. There may also be .htaccess files or cron jobs on your account that will affect all the sites in your account. How many sites do you have on HostGator?
After the fix it loads the wp-admin in that framed window, if the wp-admin loads tht means the WordPress bootstrap was not broken. Theme files are often infected and con sometime be broken when they are hacked (if the hack was done poorly), or when the hack is removed (if the removal was not complete and thorough).
Can you send me the threat that you had to remove yourself? If my plugin could have removed that whole threat when you ran the fix then this would not have happened.
That would be one possible fix but your should ask your host to review permissions on that folder and make it right according to their security needs. Personally I would make it 770 so that “others” could not read or write in that directory, but then you would need to make sure that the apache user is the owner or group owner so that PHP can write (and read) session files.
Yes, you should also run the Complete Scan if you want to make sure your site is completely clean. The Quick Scan only scan the main folders were malware is likely to be found.
I have spent quite some time debugging multiple issues on this test site that you gave me access to. First, I found that some of the rules in your .htaccess files were preventing the rewrite rule in my plugin directory from working properly. After fining a workaround for that problem I found that your server was not able to save and retrieve a session file. The directory where session files are stored has the following permissions: drwx-wx-wt
The plugin will scan all the files in the directory your choose and you can run the Quick Scan on the core files as well, but it will not be as fast as it would if you download the Core Files Definitions, plus it will not find every file modification, only identifiable threats. The Core Files Definitions are available through the Automatic Update feater, which is what you get when you donate $29+, this will a speed up the scans and improve accuracy.
