Using latest version of WordPress 3.3.1. We originally hosted the site on my server with HostGator. Site build and testing ran for 4-5 months without any errors. However right when we launched, Google started blocking the site for exploit scripts. I went through and replaced timthumb.php, had my host clean several files, and reinstalled the theme. Everything worked great at that point.
Just to be safe though, we transferred the site to a new server. Clean WP install, fresh install of theme and plugins. This ran great for a couple weeks or so, then a few days ago the site popped up the following threat within AVG and Norton for PC users:
Link to Exploit Site (type 90)
However the Google security threat warnings still never popped up.
I went back and replaced the theme files and deactivated all plugins again. I know the owner of our new hosting company and he has scanned all servers, coming up emptyhanded. We are getting a new security threat here, but not the same as before.
Only one user has had FTP access to both servers that hosted the site along the way. Would this be the culprit then? He is a bit of an idiot and tried updating several .php files (actually didn't break them), but I guess his PC was infected and modified the files he saved/reuploaded or accessed his FTP connection directly. Is this a probably cause?
This site is hosted here:
WARNING - DO NOT OPEN SITE UNLESS (EXPERT LEVEL ONLY LOL)
I've basically tried everything. Between emails with this client, looking for the threat, and time spent between two hosting companies, we've spent a lot of time on this and I'm having to do this for free since I can't verify the source of the threat yet.
Can anybody help me pinpoint the source of this error? Their site obviously is having thousands upon thousands of visitors a day, and these visitors are virtually all coming from school computers. So we have a bit of a crisis here!