See: http://killmalware.com/ecertification.net/
Where the malware resides, URL = -http://developers.org/wp-content/plugins/g-lock-double-opt-in-manager/js/gsom_s.min.js
Might be safe to be used?: https://www.virustotal.com/nl/url/94e2b68daa76038fcbd83ae59b34fac10ab6374a5a7d5776c62d57bf800da990/analysis/1445729304/
But the landing at -//0.gravatar.com/js/gprofiles.js?ver=201543y does not goes as it should go.

Well WP issues at developers dot org. :o
WordPress Version
4.0.8
Version does not appear to be latest 4.3.1 - update now.

Excessive server header info proliferation: Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.4.36

Warning User Enumeration is possible User and Login given :o

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

One would not expect such insecurity here.

polonus (volunteer website security analyst and website error-hunter)