Adam

This is an infection called sometimes ‘Japanese SEO spam’ – probably one of the most popular infection lately.

There are not free plugins to clean malwared hosting account, most likely you need to buy a premium version of Wordfence plugin or their cleaning service, or hire someone to clean your hosting account.

Because of the infection, the content sent to the google bot is different than the content sent to the browse (visible to visitors).
I suggest using another verification method, probably uploading verification file will be the easiest solution.

Most likely malware is installed in random or well-know directories and the installation folder doesn’t indicate how it got in. It doesn’t tell you anything about how the break-in occurred at the first time.
Of course, probably it may be WP Job Manager, but it may be any other plugins, another domain sharing the same hosting account or dozens of other reasons.
I would recommend scanning the whole hosting account for malware.

Most likely malware is installed in random or well-know directories and the installation folder doesn’t indicate how it got in. It doesn’t tell you anything about how the break-in occurred at the first time.
I would recommend scanning the whole hosting account for malware.

I would recommend scanning the whole hosting account for malware. Most likely malware is installed in random or well-know directories and the installation folder doesn’t indicate how it got in. It doesn’t tell you anything about how the break-in occurred at the first time.

Just try to disable this plugin: rename limit-login-attempts folder located in wp-content/plugins

Since your hoster is GoDaddy and you may have some kind of ‘managed WP’ hosting plan, the limit-login-attempts may be located in wp-content/mu-plugins

Most likely you have some “security” plugin to limit login attempts.

In fact, you may add vulnerable code to .jpg file and upload this file (it’ll pass mime type checking). You may even prepare fake .jpg file full of code. But you can’t use this malicious code if you will not upload/modify other files (like .php files) or, for example, modify .htaccess etc.
As @jdembowski wrote before:

I will certainly regret asking:
How is that a vulnerability? I mean, walk me through it step by step.

Attacker with physical access will not use WP uploader to upload files

I run the plugin repeatedly on all my sites, on some of them it takes 4-6 hours to complete.

Did you block an access to all your websites sharing the same hosting account in time of scanning? You should.

Did you find and secured the vulnerability? You have to: if someone uploaded/modified files, deleting/restoring them does not help if he will be able to upload them again

You’ve been hacked – the pagerd_ parameter is well-known symptop of infection.
In fact, it should reload your page with modified content, but something “went wrong”
You may want to check the source, take a look at the very bottom:

<b>Warning</b>:  fopen(.SIc7CYwgY) [<a href='function.fopen'>function.fopen</a>]: failed to open stream: No such file or directory in <b>/home/content/67/11214167/html/PulseOneTechnologies/wp-content/themes/enfold/footer.php(9) : eval()'d code</b> on line <b>82</b><br />
<br />
<b>Warning</b>:  fopen(/var/tmp/.SIc7CYwgY) [<a href='function.fopen'>function.fopen</a>]: failed to open stream: No such file or directory in <b>/home/content/67/11214167/html/PulseOneTechnologies/wp-content/themes/enfold/footer.php(9) : eval()'d code</b> on line <b>86</b><br />
<script type='text/javascript'>
           window.location = ''
      </script>

hello, houben

yes, your server (hosting account) has been hacked and probably you need to check all your domains (at least filmsummit2014 where is the same infection)

A.