Which threat was this?
If you can send me the whole code so I can see what threat it’s finding then I can improve that definition so that it stops grabbing the PHP bracks at the end of the line.
This is a JavaScript error, but I just checked your site and it is working for me. If it was not just a fluke occurrence and it continues to prevent your staff from logging in then you may want to disable the Brute-Force Login Protection (at least until you can figure out what is causing the JavaScript to break).
If you are using caching of any kind that may have resulted in the malicious code appearing on your site long after you had removed it with my plugin.
In any case it looks like you are all good now. Feel free to contact me again if it comes back, and yes, please donate if you can 
It looks like you have already removed the threat from this file. This code looks clean and your site is not showing those malicious links any more.
Did you use my plugin to remove the infection from the header.php file, or did you remove it manually?
You can paste the contents into this forum topic or reply directly to my email. Thanks!
It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.
Thanks for posting your findings, I have added this new variant to my definition updates.
If you hover over that file on the results page it should pop up with a reason for the error. Maybe it’s a file size problem or a permission issue. Does it happen every time you scan?
What if you just scan the plugins directory?
That does not actually exist but the .htaccess file in that same directory should perform a rewrite that serves the appropriate JavaScript. If that is not working then there must be some PHP configuration on your server that is preventing the rewrite rule.
Also, check your footer.php, it looks like that is where the code is showing up.
I have not seen this one before. Check the header.php in your theme editor. If it’s not there try the functions.php.
I would be very interested to see the infected file if you find it. If you cannot find it I would be willing to look for it myself if you are willing to send me your wp-admin login.
Eugene, This is not a relevant topic to post your request, and I don’t see the “enclosed Paypal receipt”. Can you please email that info directly to me: eli AT gotmls DOT net
Each key is matched to a single site, but if you register the other site with the same email address then they will both by under the same account.
Just Check the box for Automatic Updates and click Save. Then you will have the Core Files definitions available.
There are no false positives in the Core File Changes scan. The contents of that file has certainly been altered from it’s original form. You or your developers may have modified that file and a Core File Change does not necessarily mean that it was modified maliciously, but it is unwise to modify WP Core Files and your theme changes should never effect the Core Files. You can click on this listing in my plugin’s results to see the contents and click on the [1] to see what lines have been modified. If you made these changes yourself then you can decide to keep the changes but I would recommend restoring the original file.
