I’m sorry to hear that Wordfence couldn’t solve this for you even after you paid them, that is both disappointing and a little shocking, as I have always respected the Wordfence plugin and what they have done to make WordPress and the internet safer.
I am also disappointed that my plugin didn’t find this threat, and I want to help you get to the bottom of this and find the source of this new threat so that I can add it to my definition update and make it so that my plugin can find and fix it for you automatically.
I’m sorry to say that the link you posted to Sucuri’s of “Rogue Ads” is of no help in finding or fixing this threat. That is just a very general description of the end result of many type of infections, it does not say anything about what your site is infected with or even where this infection is found on your site. I would need a lot more information from you to be of any help to you. For starters, could you tell me what site is infected with this elusive threat?
Also, a specific snip-it of code that I should be looking for would be helpful.
And, if you want my help in actively tracking down the source of this threat then I would need a lot more, like screenshots or links to the scan results, a database dump, and a copy of any files that might contain this malicious code.
If you want to send me anything that would be too sensitive to post on this public forum then you can email it directly to me:
eli AT gotmls DOT net
