Yes, My plugin can scan and clean all subdirectories with your WordPress root install.
If you quarantined the threats then you may just need to request a review in Google Webmaster tools. It will take a little while before the search results are re-indexed to reflect the changes you have made. You don’t need to delete the quarantine records, but if google comes back and says there is still malware on the site or the site is still actively redirecting then you need to keep looking for more threats.
That URL looks fine to me and I don’t think my plugin would block that unless you need XMLRPC access. If that is the problem you can unblock access to your xmlrpc.php file on the Firewall Settings page in your admin or you and add the remote IP of the server that needs access to the whitelist array in you .htaccess file. But I have a feeling it’s not my plugin at all that is causing that error you got. Let me know if you figure it out 
Sometimes Google reacts to cached pages they crawled in past, even if the live site is clean. What are the dates on the URLs that Google Webmaster Tools says are compromised?
You can send me these files that are on your list and I will check them for you and add them to my definition updates.
My plugin will remove Known Threats (in Red). If you are removing those Threat with my Automatic Fix and they are coming back the next day then you may need to move you site to a more secure server. I do offer Super Secure Hosting for $12/month per site if you are interested, I can more your site to one of my servers and I guarantee it will not be reinfected again.
If you want to share more info about your problem you can email me directly (a screenshot would be very helpful).
Web browsers get that kind of information from Blacklists which are not updated as quickly as you can clean your site. You still need to request a review to get your site off the blacklists.
Yes, both Google and Sucuri cache they results but at lease you can click the link at the bottom of the sucuri scan results to clear the cache and show the current scan results.
With Google you have to wait until they have re-indexed all those pages and that can sometimes take a while. You can speed up the process in your Google Webmaster Tools account for that site if you can Request a Review, or at least update your current XML sitemap.
No, unfortunately, plain text and HTML is harder to discern good from evil as it is more up to the individual site owns to decide what kind of content they want in their posts. Also, the DB contents is not obfuscated so it’s easy to spot and it cannot be executed on your server so it is generally not as dangerous either.
Fortunately, it not hard for you to remove any of the content that you don’t want in your own posts just by using the text tab in the post editor’s content window.
I would like to help you resolve this issue but I have yet to be able to recreate that error on any of my sites using 4.5, can you provide more info please?
First, it looks like some of that error message you posted is missing. It usually starts out telling you WHAT is deprecated.
Also, it looks like the problem is in your wp-includes/functions.php file, not in my plugin. Maybe you had an incomplete install when you upgraded to 4.5, can you check you Core Files and replace that functions.php file with the version that should have been installed from https://core.svn.wordpress.org/trunk/wp-includes/functions.php (right-click that link and choose save)?
If you have the Core Files Definitions from the premium version of my plugin than you can run the Core Files Quick Scan and fix that file if it’s broken or not the right version.
Please let me know what you find…
256m is a lot but maybe it needs 512m for this file, it is a really large file. Also, maybe there is some other reason it’s not cleaning it, like file permissions or process timeout. Is there an error message of any kind when it fails?
No, Actually that threat is already in my definitions but I think it’s not finding it on your server because of a memory_limit setting in your php.ini file, because that file is very large.
Thanks for sending me this login info. I can see that it was not my plugin that caused this error on your site.
The errors are caused be the static calls to get_sidebars() and name_to_class() on lines 52 and 57 in wp-content/themes/AVADA-3.0/framework/plugins/multiple_sidebars.php
My plugin didn’t touch that file and I restored the two files it did fix in your theme but that did not fix the error so I removed those two malicious threats again. It looks like that theme is using bad code and it needs to be fixed. Maybe there is an update or something. You should check with the developer or reinstall the theme (or another theme).
Thanks for sending these to me! I have fixed the definition that found that threat in your theme header so that it no longer breaks the syntax of that file when it fixes it (it was accidentally removing too much code).
I am working on that other threat now to see why it does not clean it…
