It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.
Thanks for posting your findings, I have added this new variant to my definition updates.
If you hover over that file on the results page it should pop up with a reason for the error. Maybe it’s a file size problem or a permission issue. Does it happen every time you scan?
What if you just scan the plugins directory?
That does not actually exist but the .htaccess file in that same directory should perform a rewrite that serves the appropriate JavaScript. If that is not working then there must be some PHP configuration on your server that is preventing the rewrite rule.
Also, check your footer.php, it looks like that is where the code is showing up.
I have not seen this one before. Check the header.php in your theme editor. If it’s not there try the functions.php.
I would be very interested to see the infected file if you find it. If you cannot find it I would be willing to look for it myself if you are willing to send me your wp-admin login.
Eugene, This is not a relevant topic to post your request, and I don’t see the “enclosed Paypal receipt”. Can you please email that info directly to me: eli AT gotmls DOT net
Each key is matched to a single site, but if you register the other site with the same email address then they will both by under the same account.
Just Check the box for Automatic Updates and click Save. Then you will have the Core Files definitions available.
There are no false positives in the Core File Changes scan. The contents of that file has certainly been altered from it’s original form. You or your developers may have modified that file and a Core File Change does not necessarily mean that it was modified maliciously, but it is unwise to modify WP Core Files and your theme changes should never effect the Core Files. You can click on this listing in my plugin’s results to see the contents and click on the [1] to see what lines have been modified. If you made these changes yourself then you can decide to keep the changes but I would recommend restoring the original file.
I’m sorry but this feature is not ready yet. There is currently no way to schedule a scan. However, I am working on a solution for this and I hope to have something available for testing by the end of the year.
Thanks for sending me your login. So it turns out it was a POST size limitation in your php.ini settings. I was able to use the automatic update method which you normally have to donate to unlock, but you could also talk to your hosting provider about increasing the post size limit on your server. You should be good to go from now on as you will only need incremental updates which are not as big as the initial update was.
Aloha, Eli
So, I think it’s all working now. Have you had a chance to try out the new version 4.15.45 of my plugin that I just released?
1. I have release a new plugin update that fixes that issue with the nonce tokens. Please download version 4.15.45 and let me know if you have any more problems.
2. Typically the default setting of -1 is best but if your scans are getting stuck part way through then you can try a small positive number like 4 or 6.
I just released an update to fix this. Please download the new version 4.15.44 and let me know if that works.
