Get Off Those Maliciously Loaded Scripts!
Download this free Anti-Malware Plugin for WordPress.

That first folder that could not be scanned should not even exist:
…/httpdocs/wp-admin/css/colors/blue/blue
There should not be another blue folder inside wp-admin/css/colors/blue/
My guess is that it was skipped because it is a recursive symlink to the parent folder so it would be a needless infinite deep dir to go exploring that path. So You can look on your server to see what is in there but I would advise that you just delete it.

Also, a lot of the files you are listing should not even be scanned in the first place. I assume that you have modified the default list of extensions in the “Skip files with the following extensions” field on the settings page. This is not recommended, as those file types are skipped for a reason. There is no need to scan large binary files that cannot be executed on the server anyway. It is true that you could hide some PHP code in some of those files but it could not be executed without an include statement run from within a PHP file, that why my plugin will look for those malicious include statements.

So my plugin generally does a good job of finding the threat without wasting time and server resources searching non-executable code in large binary files, and you will find that the scans are much faster if you restore the default settings there.

There is a recovery link on the results page when the files are fixed and your site is tested, otherwise You can restore this code by going to the Anti-Malware Quarantine page in your wp-admin and selecting those files with the checkbox on the left, and then click the “Restore selected files from quarantine records” button.
Please also send me a copy of those files so that I can review the code in them and correct the detection if the definitions need to be update.

P.S. I see that your site is working now, so maybe you have already solved this issue, but I would still like to see the files that might have been misidentified or fixed incorrectly.

A blank white screen usually indicate either a 500 Error or else something has blocked the form POST, maybe because of some other security setting or overzealous firewall.

Check the Console tab in your browser’s Inspector for any Errors or Warnings that might explain the blank screen. Also look in the error_log files on your server to see if any PHP errors were logged when loading those pages.

No, my plugin does not require jquery at all.

I am curious as to what would have prompted you to ask such a question though. Would you mind letting me know why you are asking?

I believe that this lb_postrender_handler is a malicious ob_handler that was injected into the code on your site through a eval’d code that is most likely included within a hidden .MO file. The include(‘.hidden_xyz.mo’); is usually inserted into one of your core files, but it could have any name and it could be in any core file. The best way to find it is with the core file definitions included with the automatic update that you get with a premium donation. But I can also help you further if that is not an option for you. You can email me your site details directly if you need more help.

eli AT gotmls DOT net

I see your registration and your donation on my end, just as you do when you view that list of registered sites. This is most likely a caching issue so please try and clear all your cache and deactivate any caching plugins then refresh your wp-admin page to see your donation reflected there. If you still don’t see it then check your Browser’s Console for Javascript Errors and send me a screenshot of the whole page so that I can help you figure out why it is not showing up.

you can also just email me directly for account related issues.

It could be possible with some code changes but I have found that it can also cause more trouble than it is worth. It is far better to just put my plugin on all your sites and make special considerations for those sites that are not WordPress.

Just to give you an idea of the problems you may run into when scanning many sites at once, here is a short list of just some of the most common issues:

1. PHP has a very small memory_limit so the scan process many not be able to index all the files on so many sites all at once.

2. Even if it is able to build the initial index and start the scan it will likely still take a great amount of time to scan many sites in a linear way, as opposed to installing multiple copies on each site and running multiple scans at the same time.

3. Timeout and lag-time in large scans can cause scan errors that will make the scan process restart some steps and that could take even longer and render less accurate results.

4. Some directories above the site root are protected or may have different permissions which can also cause read errors and this will bog down the scan even more.

5. If there are any sites that are not WordPress then there is a much greater chance of False Positives, which could lead to incorrect modifications in proprietary code that is not malicious, and then could cause site errors.

6. Some browsers may even crash or lockup before the scan is complete due to the sheer volume of data returned by the scan that the browser has to process.

These are the main issues that I am familiar with and could recite off the top of my head but I know there are more reasons to avoid combining all the sites into one scan. I know it is an attractive idea to have all your sites scanned at once, but trust me when I say, it is just not practical to expect a PHP page running inside a WordPress plugin to handle that much work efficiently or accurately. There are command-line tools and server-side anti-virus programs that can scan all your folders, they are just not as good as my plugin at identifying and removing malicious code from WordPress files.