Also, always check your template too! Probably a (link to a) malicious javacript was inserted there.
I’m not a developer, don’t know how to run the phpMalware scanner. SiteDash did not detect the malware too. My hosting provider ran the scanner and found the malware.
Just to clarify, SiteDash checks for known vulnerabilities. Running extras or core versions that have had security issues, or gross misconfigurations will alert you.
It doesn’t scan your files or database to detect backdoors or malware or other things left behind by a hack.
Thanks for clarifying. I know. I was just saying that my tools (like SiteDash) did not warn me about this.