I think I’ve said elsewhere, pulling in js files from public repositories always seemed risky to me, as the security of the external repository is out of the site owner’s hands.
It is, however, absolutely standard practice across much of the internet now (even in actual banking sites).
Having a webmaster on the case is most excellent, so I am impressed, thanks for letting us know 
For the first time since last week, MBAM didn’t have anything to say as I accessed the site. Thanks for getting to the bottom of it.
Turns out (from MBAM) that there is another skimmer file on the site having nothing to do with WordPress. Skimmers grab data from users in order to exploit. I let Paul know and he forwarded it to the engineering team. It would be good to hear back when they’ve taken care of it, so MBAM can review it again to be sure everything is clear. Thanks,
1 Like