Avast one of the few to have this detection!

See: https://www.virustotal.com/en/url/06db21e71b8991e23352525cd6b7d911affbf1a0033904c743fff5f6a26c8dfa/analysis/1455232295/
and see here for the file analysis: https://www.virustotal.com/en/file/9b6db13b52a7d4cceee047695862eb838d144917c89991742c6667bbfe60f6aa/analysis/1455185830/
Not flagged here: https://urlquery.net/report.php?id=1455232473567
Scan here OK: https://sritest.io/#report/2ca60af0-386a-40f8-8d83-85c4030c44a5

Retirable code flagged: -http://obatsirosishati.com/obat-herbal-ampuh-sembuhkan-sirosis-hati/
Detected libraries:
jquery-migrate - 1.2.1 : -http://obatsirosishati.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 2.1.3 : http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
jquery - 1.11.3 : (active1) -http://obatsirosishati.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
angularjs - 1.3.5 : http://ajax.googleapis.com/ajax/libs/angularjs/1.3.5/angular.min.js
(active) - the library was also found to be active by running code
1 vulnerable library detected

Blocked by scriptblocker link to:
-http://dsms0mj1bbhn4.cloudfront.net/v2/c583ee95b4cd4d90f006e909aa60e15f526c7f3c/shrMain.min.js
& -http://s10.histats.com/js15.js 7 -http://px.owneriq.net/j/?pt=sholic&t=d|"Books%2520%2526%2520Magazines"&s=inte

WordPress CMS issues: WordPress Version
4.3.3
Version does not appear to be latest 4.4.2 - update now.

Check plug-in: simplecart

Warning User Enumeration is possible :o
user = Daniel log-in = Daniel

Warning Directory Indexing Enabled :o
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

-//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FMaxidoid-Indonesia%2F527540334019967&width=620&height=290&colorscheme=light&show_faces=true&header=true&stream=false&show_border=true
-//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FMaxidoid-Indonesia%2F527540334019967&width=240&height=290&colorscheme=light&show_faces=true&header=true&stream=false&show_border=true

polonus (volunteer website security analyst and website error-hunter)