Yet another WP site with issues - theme being hacked...

Read through the cold reconnaissance scan results of this site as flagged by Quttera, which came back with 48 malicious files and 1 suspicious file.

Has the header.php file been changed? One should try to overwrite the header.php file with a fresh copy and also get hold of the login details; see the malcode flagged by Quttera as malicious, attached by me as an image.

Check on the WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.

youtube-video-player 1.2.1 latest release (1.2.2) Update required
http://wpdevart.com/wordpress-youtube-embed-plugin
the-events-calendar 4.0.4 latest release (4.0.4)
popups latest release (1.4.3.1)
http://www.timersys.com/free-plugins/social-popup/
wp-spamshield latest release (1.9.6.8)
http://www.redsandmarketing.com/plugins/wp-spamshield/
tagDiv-social-icons
spider-event-calendar 1.4.30 latest release (1.4.30)
https://web-dorado.com/products/wordpress-calendar.html
js_composer
wysija-newsletters 2.6.19 latest release (2.6.19)
http://www.mailpoet.com/
cookie-law-info 1.5.3 latest release (1.5.3)
http://wordpress.org/extend/plugins/cookie-law-info/description/
wunderground latest release (2.1.1)
https://github.com/katzwebservices/
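As an added illustration (not part of the scan output or the post), a small Python helper that parses plugin lines in the format above, separates plugins that need updating from those whose installed version the scan could not determine, and so gives a manual-check list; the sample input is constructed from the list above.

```python
import re
from typing import NamedTuple, Optional, List, Tuple

# Constructed sample: plugin lines as the scan printed them (subset of the list above)
SCAN_OUTPUT = """\
youtube-video-player 1.2.1 latest release (1.2.2) Update required
http://wpdevart.com/wordpress-youtube-embed-plugin
the-events-calendar 4.0.4 latest release (4.0.4)
popups latest release (1.4.3.1)
tagDiv-social-icons
wysija-newsletters 2.6.19 latest release (2.6.19)
"""

class PluginRow(NamedTuple):
    slug: str
    installed: Optional[str]   # None when the scan found no version string
    latest: Optional[str]      # None when no "latest release" was reported

# slug, optional installed version, optional "latest release (x.y.z)"
LINE_RE = re.compile(
    r"^(?P<slug>[A-Za-z0-9_.-]+)"
    r"(?:\s+(?P<installed>\d+(?:\.\d+)*))?"
    r"(?:\s+latest release \((?P<latest>\d+(?:\.\d+)*)\))?"
)

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted version to a tuple so 1.4.3.1 > 1.4.3 compares correctly."""
    return tuple(int(x) for x in v.split("."))

def parse_rows(text: str) -> List[PluginRow]:
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("http"):   # skip blanks and plugin URLs
            continue
        m = LINE_RE.match(line)
        if m:
            rows.append(PluginRow(m["slug"], m["installed"], m["latest"]))
    return rows

def triage(rows: List[PluginRow]) -> Tuple[List[str], List[str]]:
    """Return (outdated slugs, slugs that need a manual version check)."""
    outdated, unknown = [], []
    for r in rows:
        if r.installed is None or r.latest is None:
            unknown.append(r.slug)          # no version detected: verify by hand
        elif parse_version(r.installed) < parse_version(r.latest):
            outdated.append(r.slug)
    return outdated, unknown
```

Plugins in the "unknown" list are not safe by default; a version the scanner could not read still has to be checked against the vendor's changelog.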

Theme that was hacked: WordPress Theme
The theme was identified by examining the path /wp-content/themes/<theme name>/: Newspaper

Warning: User Enumeration is possible :o Admin logged in as a certain Mxxxxxx
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warning: Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information about your site configuration or content.

/wp-content/uploads/ enabled

Further tested with: https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fwww.warzywapolowe.pl&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=

Detected libraries:
jquery - 1.11.3 : http://www.warzywapolowe.pl/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery-ui-autocomplete - 1.11.4 : http://www.warzywapolowe.pl/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.11.4
These libraries are not vulnerable as far as we can establish, see
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.warzywapolowe.pl%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.11.3
and
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.warzywapolowe.pl%2Fwp-includes%2Fjs%2Fjquery%2Fui%2Fautocomplete.min.js%3Fver%3D1.11.4

57% of the trackers on this site could be protecting you from NSA snooping. Tell jagodnik.pl to fix it; that is on the main site of the domain hoster. Quttera flags this as suspicious in a redirect: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://www.jagodnik.pl/.
62% of the trackers on this site could be protecting you from NSA snooping. Tell warzywapolowe.pl to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.

local.adguard.com __cfduid
i5ebn7bajlbxxxxxxx6piidb7 -www.warzywapolowe.pl phpsessid

polonus (volunteer website security analyst and website error-hunter)