I received several emails as well for different websites I manage. Wordfence support, are these all false positives?
I did have one set of error messages that were different:
* File contains suspected malware URL: /hermes/bosoraweb184/b2234/ipg.athensremodelinggaco/public_html/wp-content/themes/method/lib/admin/languages/method_admin.pot
* File contains suspected malware URL: /hermes/bosoraweb184/b2234/ipg.athensremodelinggaco/public_html/wp-content/themes/method/lib/admin/options/mysite-options.php
* File contains suspected malware URL: /hermes/bosoraweb184/b2234/ipg.athensremodelinggaco/public_html/wp-content/themes/method/lib/functions/bookmarks.php
The email also indicated that I needed to update the custom login plugin. When I did it crashed the site and this appeared:
Fatal error: Call to undefined function is_plugin_active_for_network() in /hermes/bosoraweb184/b2234/ipg.athensremodelinggaco/public_html/wp-content/plugins/custom-login-page/class-lib/CLP_WidgetClass.php on line 25
Once I removed the plugin, it worked fine.
The difference between the messages for the other sites and this one is the addition of the 'hermes/bosoraweb185/b2234/ipg' at the beginning.
Any ideas?