None of the files it has yet identified as being “attack scripts” have been altered from those delivered by WordPress during the update procedure, although to make sure, I have deleted the identified files and reinstalled WordPress anyway – it just reports the same, or different, .js files as being ‘infected’.
What also doesn’t help is that there’s a SSL Certificate naming problem, which is unrelated and beyond my control, but annoying (although it shouldn’t be visible to or affect 99% of visitors to the site). We’ve also tested a number of other AV packages and none have complained about the scripts on the site. Security scans, both internal and external to the site, have found outdated files (which have been deleted), but have reported no malicious content.
In other news, yep, the layout has changed completely. Unfortunately RetroTale hasn’t been updated for over 3 years by its author, so is now depreciated by WordPress.com to be a ‘potential risk’ and ‘incompatible with your version of WordPress”… We’re working on it. Hopefully we’ll end up with something that looks half decent, eventually, but sorry for the mess, right now.