Ola ggomexg,
Some errors while scanning:
https://sitecheck.sucuri.net/results/https/playdede.toAdded cdn-cgi script on your pages
DOM
<head></head>
<body>{"alert":{"text":"M\u00e9todo inv\u00e1lido: ","level":"warning"}}</body>
Take this up with Cloudflare's.
On this error, read here:
https://magento.stackexchange.com/questions/323523/magento-2-how-to-insert-data-in-custom-table (you aren't on Magento, but nevertheless the error-info is valid).
By the way your WordPress configuration is OK, user enumeration and directory listing neatly disabled.
One potentially infested file found
Potentially Suspicious files:1
Detected Potentially Suspicious Files
File name /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c96ff18de303620
Threat name PS.JS.Obfuscantion.gen
File type ASCII
Reason Too low entropy detected in string [['0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000']] of length 100 which may point to obfuscation or shellcode.
Details Detected procedure that is commonly used in suspicious activity.
Threat dump [[iv(1164)](221,k))l=i[iv(736)](i[iv(736)](i[iv(1742)](i[iv(905)](fF,this),24),i[iv(1742)](fF(this),16))|fF(this)<<8,fF(this));elseif(242===k)l=(k=fH(this,123)[iv(1714)](),k[0]=fI(this),k[3]=fF(this)^164.28,k);elseif(k===217){for(k=fF(this)<<8|i[iv(640)](fF,this),l=[],s=0;s<k;l[iv(796)](i[iv(1526)](fF,this)^42.05),s++);}elseif(69===k){for(l=fF(this)<<8|i[iv(905)](fF,this),k='',s=0;s<l;k+=fz[i[iv(1578)](fF(this),135)],s++);for(l=i[iv(533)](fF(this),55),s='',o=0;i[iv(1393)](o,l);s+=fz[fF(this)^61],o++);l=i[iv(5]]
Threat MD5 A92781BDEAC2746D1CA08B392C45D152
File MD5 B4A4188759B22BEAD101FD3A97DC7998
Line Available via API only.
Offset Available via API only.
File size Available via API only.
File type Available via API only.
Wait for a final answer from avast team and file a FP report here:
https://www.avast.com/false-positive-file-form.php#pc whether this is a genuine detection or a false positive despite of the found low string entropy.
See:
https://www.virustotal.com/gui/url/a26d09f5df9fec2626af1aec5e45159dbcec6f722dce62d7a9d2375253c674a7/detectionThat is all we know for now,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunbter)