While doing a quarterly WordPress update for a customer, we spotted a mystery file at the root of the WordPress installation. It’s a hosting_provider_filters.php file.
Some Internet research cleared up the mystery. The file is often installed by BlueHost as a security measure against DDOS attacks. (Click here and here for the technical details.) The file isn’t a core WordPress file, but it’s not malware either.