If you look carefully at the results you are seeing you shoulod note that the actual threat is now gone. there are no more infected URLs on your site and Sucuri is now confirming this. What they are still saying, and this is what you are focusing on, is that your site is still BLACKLISTED (not infected 
You still need to request a review in your Google Webmaster Tools account to get your site off Google’s blacklist. Then Sucuri will show that it’s all good 
Oh, hold on, I just re-scanned that second site on sucuri’s sitecheck and it is clean too. It said that the results were 48 hour old so I guess you didn’t do the re-scan on that site.
You still need to request a review in your Google Webmaster Tools account to get that site off the blacklist.
Can you send me a login to that site so I can find that last threat and add it to my definition updates? You can reply to my email address directly with the login detail.
This is caused by a JavaScript error on your login page. Check the Error Console in your browser and you will see that my plugin’s dynamic JavaScript (/wp-admin/admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess=…) is being blocked by your server “Failed to load resource: the server responded with a status of 403 (Forbidden)”.
I see that you are using at least one other type of login protection, perhaps one of the other security plugins you have installed is blocking my script from loading on your login page.
I am still working on this feature. I would like to have a scan that can be scheduled ready for testing very soon. Thanks for your support and interest in my project
That is a JavaScript error on your login page. I’m not sure why the JavaScript isn’t running on that page (you should check your error_log file to see what the problem is). I also see that you have a lot of other modifications to the login page, including some other protection plugins, maybe one of those are interfering. Regardless, the first priority is to get you logged in and my plugin is stopping you so you need to disable my login protection for now. Renaming the gotmls folder in wp-content/plugins/ would do it, I know you said you did that but somehow you didn’t because my plugin couldn’t still be working if you did, maybe your active website is running from a different folder than you think it is and you renamed the wrong folder.
Alternatively, you could disable the login patch by commenting out the first line in the wp-config.php file, just add // right before the if on the fist line, after the
Thanks for posting that code! I just added that new variant to my definition updates so it can now be automatically fiexd using my plugin.
I don’t know anything about WP Site Guardian but it looks like some kind of firewall that has detected an external attack in real time. This does not mean that your site is infected again, only that someone may have been trying to hack you. If you want more info on this you should contact the WP Site Guardian developers.
I can’t tell you anything about that code if you just post the first few lines and posting the whole thing is not a good idea either. Please email me directly and attach a few of these infected files (the whole file, even if there is good code in it).
Check you spam and if you still cannot find the registration email with your password in it then you can use the “Forgot Password” link the login page.
If you still have trouble logging in then you can email me directly with your account info and I can help you.
Yes, each site MUST use it’s own unique Key, but if you register all those sites/keys under the same email address then your donation WILL count on all those sites
You can login here (gotmls.net/members) with any other emails accounts you may have used and transfer those registrations to your main account.
It sounds like you covered all the points I have suggested to check. If it’s a blank white screen that you are getting that could indicate that a 500 Error is being generated. Can you check your error_log files to see if there are any clues there?
You may need to turn on error logging or change your log_level too.
There is no need to change the permissions on your files and they should never be 777, that is very insecure.
It sound like something is blocking you from installing the initial definition updates. This could be the post_max_size value in your php.ini file or some other firewall plugin that is blocking my updates. I see you have made a donation, Thanks Can you try the Automatic Update feature to solve this issue?
Thanks for sending me all those files. I was able to find the last of the hidden threats in the footer.php file, that’s what was breaking your theme whenever I fixed the threat in the functions.php file. Now both of those threats have been added to the definition updates and using the automatic fixed in my plugin cleaned your site without breaking the theme
Aloha, Eli
Any intensive PHP process causes a load on the server’s resources. If you are scanning a lot of files for a long time then it is likely to cause an abnormal load. If your server is not adequately proportioned to handle this load or they are trying to host too many people on a single server then they could have a problem with you taking too much of their precious system resources.
If they are really that tight about what processes you run on your site then you should probably switch to a better server. I have room on my servers to host your site and all my servers can handle that kind of load without any problems. I charge $12/month per site, if you are interested in hosting with me then I can move you site tomorrow
Aloha, Eli
