I found out enough information as to where these files came from, which for the moment is enough to satisfy me:
These were templates added by an update to a plugin (called Thrive) that handles janky website building atop WordPress.
After going through numerous sites I found that the templates were all slightly different with some being quite different; I suspect these are different sets of templates added by an update process (which was initiated at different dates/versions by some of the admins).
For whatever reason, this template file flew some kind of ‘malware’ flag on our hosting platform (WPEngine which uses AWS).
Here is an example of the one such templates (when searching for it on Google) found on another sorry website using Thrive: https://mon-salaire-en-slip.fr/wp-content/uploads/tcb_lp_templates/templates/
Related Posts:
- How to get WordPress to save upload file beyond web root [closed]
- Handling email piping attachments and detecting unsupported file types
- what is a auth_user_file.txt?
- How to view PHP on live site
- Is moving wp-config outside the web root really beneficial?
- Hide the fact a site is using WordPress?
- Verifying that I have fully removed a WordPress hack?
- Can I Prevent Enumeration of Usernames?
- Best way to eliminate xmlrpc.php?
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- Should I remove install.php and install-helper.php?
- What is the difference between esc_html filter vs attribute_escape filter?
- How do I technically prove that WordPress is secure?
- Can upload doc and pdf but not ppt – not permitted for security reasons
- Which KSES should be used and when?
- Protecting direct access to PDF and ZIP unless user logged in (without plugin)
- How can I easily verify a core or plugin update has not broken anything?
- can not upload file .vtt on wordpress 5.0.1
- Disable comment windows for all existing posts (pages/blogposts)
- Generate WordPress salt
- Vanilla WordPress install, what can/should I put in disable_functions?
- Stop wordpress automatically escaping $_POST data
- Secure my “add_settings_field” translation?
- how can i embed wordpress backend in iframe
- Handling nonces for actions from guests to logged-in users
- WordPress Logout Only If User Click Logout or If User Delete Browser History
- Can I force a password change?
- What is pclzip.lib.php file that wordfence think it’s a malicious code
- How to disable XML-RPC from Linux command-line in a total way?
- How to remove javascript malware in wordpress site [closed]
- Completely remove the author url
- Securing my WordPress Files and Directories
- Restricting access to content
- About WordPress site security
- Single sign-on: wp_authenticate_user vs wp_authenticate
- How to allow internal links using wp_kses filtration
- How does Cross Site Scripting (XSS) work exactly? [closed]
- How does the “authentication unique keys and salts” feature work?
- vs WordPress Security
- esc_html__ security : what for in this example?
- Using HTACCESS for Secret Access
- wp-config.php being written by attacker
- Definitive wordpress directory ownership and permissions on linux
- XML-RPC errors they know my username?
- Is [admin / admin] acceptable for all local websites?
- Simple Online Payment for Event Registration [closed]
- What may be causing failure of auto-install features in WordPress (v3.0.3)?
- Client side HTTP parameter pollution (reflected)
- Local file inclusion critical security issue [closed]
- Malware script in database post table only? [closed]
- Best practices to assert current_user_can() with guests
- XMLRPC slow and weird websites/services
- How to implement secure frontend image upload? [closed]
- Are there security risks in working directly in the themes folder that builds into a theme folder?
- Is it safe to hand over the admin rights?
- How to find exploited wordpress plugin [closed]
- How I can open back door for myself?
- Basic password protection without using users and roles
- Does meta-data need to be sanitized?
- How can I force a specific password?
- Who updates the wp-admin/core file?
- How WordPress sanitizes post content on save? Or it doesn’t?
- Does this code indicate an exploit?
- Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
- How to prevent to direct access of my custom plugin folder/files
- RESTRICT EDIT of PHP files?
- wp-content – permissions for files/folders created by apache
- How can I restrict access to specific parts of a page, not just the page itself?
- Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
- User generated content and security
- HSTS header not being added correctly
- how to protect wordpress content from crawler
- Can WordPress admin user + database credentials be used to gain Cpanel or FTP access?
- Should I worry about SQL injection when using REST API?
- Links to root domain from search engines don’t work, but direct links and links from other referrers do
- How to Protect Uploads, if User is not Logged In?
- How can I backup my site if it gets hacked?
- How can I have more confidence that WP plugins aren’t getting and storing user data?
- Standard Method for Securing a WordPress Site
- wordpress security (only one part of the site)
- Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
- Any way to disable /wp-login.php redirecting to the site folder?
- Folder Permissions + Security Concerns
- Malware/Permission bug removal?
- Could a user account with a stolen password compromised entire WP site?
- Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
- Secure a WordPress website in 2019: one plugin or a combinations of them?
- What are the different types of firewall protections available for a WordPress website?
- Run a security scan on WordPress site that has .htaccess password [closed]
- Is this a WordPress security bug?
- Competitor is somehow accessing MetaData on a hidden WordPress site
- WordPress Hacks/Defacing [closed]
- Directory to store secure file
- How can I give someone server access to only duplicate and modify a site?
- WP-JSON: Cross Origin Resource Sharing Vulnerability?
- How can I implement ansible with per-host passwords, securely?
- Why should I firewall servers?
- Does drilling a hole into a hard drive suffice to make its data unrecoverable?
- Can you alter the default wordpress strong password requirements?
- how to sanitizing $_POST with the correct way?