I recently found this in an htaccess file of a WordPress site:
I had never heard of iThemes Security, but the code looked like malware I’ve seen before. And since this site, according to the owner, never had the iThemes Security plugin installed, I was suspicious. Taking a look at iThemes, this code does not look like anything they include in htaccess. It looks to me like malware is using the iThemes Security name at #BEGIN and #END to camouflage their code. I restored a basic WP htaccess file. And yes, there were a number of oddly-named php files which I removed.