It looks like emails others have been getting since version 5.2 when a plugin throws an error:
Howdy!
Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.
In this case, WordPress caught an error with one of your plugins, 3D FlipBook – Light Edition.
It continued with reasonable advice, like checking the front-end and back-end. Indeed I was getting a PHP fatal error when I tried to access either. The email went on to say:
If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.
To keep your site safe, this link will expire in 1 day. Don’t worry about that, though: a new link will be emailed to you if the error occurs again after it expires.
Notice the link: “land.buyittraffic.com”???! Unfortunately I clicked on it before I noticed the weird domain, and I was redirected to someplace strange (https://actraffic.com/?p=gzqwiztegm5gi3bpha2dg&sub1=Ayaana&sub2=tony.v2). I quickly closed the tab. Sometime in this process (I can’t remember the exact order of actions), I connected via FTP and renamed the folder of the plugin that was originally throwing an error. But then WordPress attempted to run and send me to my home page, but it was sent through a series of redirects and eventually to a very similar page, and that time Avast announced that it had blocked a threat and aborted a connection to scripts.trasnaltemyrecords.com because it was infected with JS:Downloader-GGQ [Trj]. At that point I completely replaced my index.php with a message to my visitors and will attempt to restore an old version of my site from backup tomorrow.
I can’t find anyone else reporting that WordPress 5.2 “technical issue” email as being malware, but that link sure looks strange – did I screw up my site worse by clicking on it?
What to do?
Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
As for checking the site with something like Sucuri, I assume I would have to re-enable index.php, which I’m not sure I want to do, because I don’t want it to infect innocent visitors. (My site is extremely quiet, so I might not actually get any real visitors in a short time, but if I did, I wouldn’t want them to get hurt.)
Tomorrow (I don’t have time tonight) I’ll try spinning up a two-week-old server backup and restoring the site files from that – there were no changes to the site in that time (except perhaps automatic updates, which I could just redo). I’ll move the infected set of files somewhere safer to do forensics.
Howdy!
Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.
In this case, WordPress caught an error with one of your plugins, BackWPup.
First, visit your website (https://example.com/) and check for any visible issues. Next, visit the page where the error was caught (https://example.com/wp-admin/update-core.php) and check for any visible issues.
Please contact your host for assistance with investigating this issue further.
If your site appears broken and you can't access your dashboard normally, WordPress now has a special "recovery mode". This lets you safely login to your dashboard and investigate further.
https://example.com/wp-login.php?action=enter_recovery_mode&rm_token=xxx&rm_key=xxx
To keep your site safe, this link will expire in 1 day. Don't worry about that, though: a new link will be emailed to you if the error occurs again after it expires.
Error Details
=============
An error of type E_ERROR was caused in line 27 of the file /home/xxx/example.com/wp-content/plugins/backwpup/inc/Notice/PromoterUpdater.php. Error message: Uncaught Error: Call to undefined function Inpsyde\BackWPup\Notice\json_last_error() in /home/xxx/example.com/wp-content/plugins/backwpup/inc/Notice/PromoterUpdater.php:27
Stack trace:
#0 /home/xxx/example.com/wp-content/plugins/backwpup/backwpup.php(113): Inpsyde\BackWPup\Notice\PromoterUpdater->update()
#1 /home/xxx/example.com/wp-includes/class-wp-hook.php(288): BackWPup->{closure}(Object(stdClass))
#2 /home/xxx/example.com/wp-includes/plugin.php(208): WP_Hook->apply_filters(Object(stdClass), Array)
#3 /home/xxx/example.com/wp-includes/option.php(1815): apply_filters('pre_set_site_tr...', Object(stdClass), 'update_plugins')
#4 /home/xxx/example.com/wp-includes/update.php(332): set_site_transient('update_plugins', Object(stdClass))
#5 /home/xxx/example.com/wp-includes/class-wp-hook.php(286): wp_update_plugins('')
#6 /home/xxx/example.com/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters('', Array)
#7 /ho
Sorry, but to put it simply, your site has been hacked and hackers added the redirect to your code. This will need to be cleaned and secured by someone to remedy the actual issue (hacker code removal).
Has no relation to WordPress versions, et al.
If you can, go into phpMyAdmin and run the query:
SELECT * FROM wp_posts
WHERE post_content LIKE '%land.buy%';
…and see how many posts may have been affected. Then you can run a query to clean it up, but you may have to understand how that happened in the first place: outdated plugins, WordPress, etc.
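The query suggested above, extended as an added example (not part of the original reply): read-only MySQL checks for the three domains named in this thread across wp_options, wp_posts and wp_postmeta. It assumes the default wp_ table prefix; looking at siteurl and home is an assumption about where the change may sit, since the thread does not establish how the redirect was injected.

```sql
-- Added example: read-only checks, nothing here modifies data.
-- Assumes the default wp_ table prefix; adjust if the site uses another one.
-- The three domains are the ones named in this thread.

-- 1. Site address options. WordPress builds wp-login.php links from siteurl,
--    so a changed value here also changes the link in the recovery-mode email.
--    Both values should point at your own domain.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- 2. Any other option that contains one of the domains
--    (widget text, plugin settings, injected script tags).
SELECT option_id, option_name, LEFT(option_value, 200) AS excerpt
FROM wp_options
WHERE option_value LIKE '%buyittraffic.com%'
   OR option_value LIKE '%actraffic.com%'
   OR option_value LIKE '%trasnaltemyrecords.com%';

-- 3. Affected rows in wp_posts, grouped so the scale is visible
--    before any cleanup query is written.
SELECT post_type, post_status, COUNT(*) AS affected
FROM wp_posts
WHERE post_content LIKE '%buyittraffic.com%'
   OR post_content LIKE '%actraffic.com%'
   OR post_content LIKE '%trasnaltemyrecords.com%'
GROUP BY post_type, post_status;

-- 4. The individual posts, with a short excerpt for manual review.
SELECT ID, post_title, post_type, post_modified,
       LEFT(post_content, 200) AS excerpt
FROM wp_posts
WHERE post_content LIKE '%buyittraffic.com%'
   OR post_content LIKE '%actraffic.com%'
   OR post_content LIKE '%trasnaltemyrecords.com%'
ORDER BY post_modified DESC;

-- 5. Post meta, which page builders and some plugins use to store markup.
SELECT meta_id, post_id, meta_key, LEFT(meta_value, 200) AS excerpt
FROM wp_postmeta
WHERE meta_value LIKE '%buyittraffic.com%'
   OR meta_value LIKE '%actraffic.com%'
   OR meta_value LIKE '%trasnaltemyrecords.com%';
```

Run these against the copy of the database set aside for forensics, and save the results before restoring from backup so the modification times and affected rows are not lost.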