As an introduction, I'm pretty keen on WordPress security. I keep everything up to date; I have a good htaccess file (via BulletProof Security) and I've taken a number of precautionary measures to prevent problems such as renaming my db table and my username, removing version info, etc. I also use strong passwords (at least 10 random characters).
Clearly though, it's not enough to stop troublemakers. I got hacked again last night.
Wanting to be sure I got everything, about an hour ago I installed Wordfence and, after running a scan (using free version) I was presented with a list of ten executable files, all of which contain crazy long strings of obfuscated code.
I tried a few other security scan plugins before Wordfence, but yours is the only one that picked up on these files.
Wanting to play it safe, I made copies and then promptly deleted all ten files (I also made copies). Now I'm just trying to figure out how to decode them.
In any event, I just want to say thanks for this plugin, and for making a free version available. Without it, all these files would still be sitting there.