I googled for ".php.suspected", and found a number of open DocumentRoot
directories, probably due to Vigilante Malware Cleaners or some
slightly stupid antivirus. Renaming compromised index.php files to
index.php.suspected leaves WordPress (or whatever) inoperable,
and Apache to come up with its own HTML for a "/" access.
I downloaded the .zip files from some of those open DocumentRoot directories.