Those .htaccess files you found are put their by the install of the plugin wordfence, it put them there for a reason.
HiRestore a backup from a time before the websites were attacked, then update wordpress and all the plugins on all of them. That's what backups are for, to restore to broken system, website or application to a time when they were working correctly.
Your advice noted. ThanksTurn the auto-update on for your wordpress websites and the plugins if you haven't already.
Let me tell you a short story of my websites. All my websites have been running in the server of my previous hosting company, say old_h_com, without problem for several years and some of the websites even running >10 years. I just changed to this new hosting, say new_h_com, about 3 months ago. The cause of this change is NOT cost. It is because the old_h_com is not experienced on WordPress sites.Yeah, you can use Cerber in addition to WordFence. Both are really only good at preventing - and NOTHING is 100% secure, making backups very important. It's also possible that someone else on your shared hosting is infected and your hosting company isn't very good at their jobs.
OK, I haven't compressed it. It is a small .php file of size 16.6kB. The file has been sent.Anyhow, send me a copy of the file - if you want. DO NOT SEND IT UNCOMPRESSED! Send me lock360.php to admin *at* linux-tips.us and I'll take a look at it. Be sure to compress it. I won't get time to look at it tonight, but I'll see what time I can free up tomorrow.
I'll go through it later. ThanksSee also the longer answer here:
WordPress keeps creating index.php and .htaccess files and changes permission to 0444
I have to fix a website that is infected with malware. When I try to access to the WP Admin it says "to many redirects". Hosting company did a scan, there were to many infected files. I m...stackoverflow.com
And, you don't have any backups you can push out? It's cPanel, so you might have Softaculous backups or you may have JetBackup?
ThanksSee also:
Lock360.php | Tu web a sido HACKEADA. | Te lo cuento aquí.
Este archivo se instala junto a los archivos de tu web y a través de el se obtiene acceso a todos los archivos. Creando y modificando a su antojo.flejedecosas.com
You may need to translate it.
Hi HGIII,The reason for compressing it isn't the size, but so that I actually get the attachment. I'll retrieve it from the server and take a look at it.
An automatic translator, such as deepl.com, should be good enough to translate the page that's in Spanish.
Oh sorry. I'll compressed the file and resend it to you. Please advise;Oh, yeah, the server appears to have eaten it - probably because it thinks it's malware. That's why you should compress it, so you can make it through my email system. I was unable to find it anywhere, including in the quarantined folder.