It must be something specific to your site/server because I have not seen this problem before and I cannot recreate it on any of my test sites.
I would like to figure out what is causing this on your site, even if it’s just a conflict caused by another plugin. Would you be willing to give me access to your WP Admin so that I can troubleshoot it on your site?
If you want to email me directly with your WP Admin login then I will take a look at it. If this is a new threat then I can add it to my definition updates so that it can be found and automatically removed.
Both those error numbers refer to a NO_HTTP_REFERER error.
I guess the Protect WP Admin plugin is hiding your HTTP_REFERER when redirecting your login attempts.
The key you registered is for your domain with “www.” in front of it but somehow you manually registered your key to the domain without any Ws so it didn’t match. I have added the “www.” to the beginning of the domain that you registered so you can get the definition updates now.
You should always use the pre-filled registration form on the right-hand side of the Anti-Malware Settings page.
I see a key registered in your name, but you haven’t really given me anything to go on. Can you email me directly with a screenshot of the error or your WP Admin login so that I can tell what the problem is?
You shouldn’t need to whitelist anyone as it should only block brute force attack but you can add more IPs to the array on the first line of you wp-config.php file.
That first line should start like this:
< ?php if (!in_array($_SERVER["REMOTE_ADDR"], array("1.2.3.9", "1.1.1.6"))
I uploaded this helpful PHP script to github so that it would be easy for you and others to download. I used this script to restore the corrupt core files on your site.
Here is the link:
https://github.com/gotmls/WordPress-Core-Files-Integrity-Checker/blob/master/GOTMLS_Restore_WP_Core.php
Just place this PHP file on your site then path directly to it in your browser and it will check your core files and let you restore any files that have been altered (even if your WP site is broken).
Oh, sorry, I thought you were able to restore it from a backup, but I see now that you were referring to another site.
If you want to send me an FTP login to you server then I can manually restore the site from the quarantine.
I just release a new plugin update that fixes this issue.
Please download the new release, version 4.15.27, and let me know if that works for you.
There should be a button to enable the Brute-Force Protection if it is compatible with your server, otherwise you should be getting some kind of error.
If you need more help with this can you send me a screenshot.
It is possible that an infected computer would infect the post content or that a Key Logger on the client’s machine gave the user’s login to a hacker so that they could infect the content. But it could also just be a coincidence and the hack could have come in from a backdoor or another vulnerability.
My plugin is designed to fix the Known Threats for you automatically. I don’t mind helping when help is needed but the whole point of my plugin is to help people cleanup their own site without needing to hire a professional.
You have not stated that you even tried to fix the malware that was already detect. Can you please use the Automatic Fix button in my plugin and then, if you still need more help, please let me know what my plugin was unable to do for you so I know what kind of help to offer?
Sorry for the delayed response. My plugin does block some common attack but I would hesitate to call it firewall. To be honest I don’t like any of the firewall plugins I have seen, most of them are a little over zealous IMHO, and some of them don’t even work. You have to be careful with any form of protection that you don’t lock yourself out 
The malware probably overwrote your .htaccess file. You just need to restore the Permalink Settings to “Post name” or your ” Custom Structure”. That will fix your .htaccess file.
If you are sure that there is no gotmls folder in the plugins directory, and then you install it through the “Add New” method in the plugins admin page (/wp-admin/plugin-install.php) and then it should show up in you list of plugins, and if the standard install method was successful there should now be a gotmls folder into /wp-content/plugins/ when there was not before.
can you confirm that it creates the gotmls folder in the correct path and that there are no errors from the WordPress Plugin Installer?
