Sucuri 404javascript.js security issue or internal server error
I believe this is Sucuri's way of testing a WP site for malicious code or security errors. It looks for 404javascript.js and for 404testpage4525d2fdc to ascertain certain tings about your site. A positive hit will find a hidden redirect from a malicious htaccess file somewhere redirecting the site, but most likely, as it was in my case, it should return a 404 page, but what what seemed to be happening is that the way it was requesting it caused it to receive an unexpected 404 error which was then displaying the standard Internal Server Error page - and then calling this malware. So it was a false positive for me, and when I Googled it, it seemed to be so for others as well.
As far as I can see it has to do with either the Cpanel vhost or a security firewall (htaccess) redirecting traffic in a way that Sucuri believes it is being hijacked.
Make sure there is not code before the start <?php of the pluggable or the header.php "Cannot modify header information" error can be caused in this kind of situation from hidden code or even whitespace characters on the top.
Sucuri also has a function to detect changes of wordpress core files make sure none is set to changed. If it is replace them with the original.
example:
<?php // Injected code --> scroll right there are usually many whitespaces and there is some obsfuscated php code ?><?php // Regular code of the original file starts here.