It can be due to an update (plugin, theme or WP core).
Which file was it? There should be the full path to the file indicated in the email message.
SCRIPT_FILENAME: /home/martin/public_html/seo/install/upgrade.php
Did you update, upgrade or install the /seo/install/upgrade.php file lately?
I didn’t install – I know that much. Could this plugin have upgraded without my knowledge? When WordPress updates my site, for instance, I don’t know about it until it’s already done. So, could the same thing have happened?
It’s possible. Check the date and timestamp of the files in the /seo/install/ folder.
Hi, last night while I was asleep, several of my files were modified without my consent and they look suspect. I got this in an email from ninja:
SERVER_NAME: jodiekrantz.free2move.com.au
USER IP: 185.86.164.99
SCRIPT_FILENAME: /home/free2move/jodiekrantz.com/wp-login.php
REQUEST_URI: /wp-login.php
Last changed on: August 12, 2020 @ 03:30:50 (UTC +0800)
The IP is from Turkey. Before I log in via that script wp-login, how can I trigger ninja to scan, and preferably revert the files back? When I look in cPanel file manager, among the ten PHP scripts modified at that time were:
xmlrpc.php, wp-signup.php, wp-settings.php, wp-comments.php, wp-login.php, index.php
Have I been hacked and what to do?
I have wp set to auto-update. Are these files typically changed in a wp update?
@bcslaam You weren’t hacked: There was an update last night (WordPress 5.5), hence the File Guard notification.
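A File Guard alert that follows an auto-update, as in this thread, can be double-checked by comparing the live files with a clean copy of the same WordPress release. The following is an added example, not part of the original thread or of the plugin's code; the function names, the `SITE_OWNED` list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Site-specific paths that are never part of a release archive (assumed list).
SITE_OWNED = ("wp-config.php", "wp-content/")

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(clean_root: Path) -> dict:
    """Map relative path -> digest for every file in a clean copy of the release."""
    return {p.relative_to(clean_root).as_posix(): sha256_of(p)
            for p in clean_root.rglob("*") if p.is_file()}

def verify(site_root: Path, manifest: dict) -> dict:
    """Compare a live install with the manifest of the version it should be running."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        live = site_root / rel
        if not live.is_file():
            report["missing"].append(rel)
        elif sha256_of(live) != digest:
            report["modified"].append(rel)    # differs from the release file
    for p in site_root.rglob("*.php"):
        rel = p.relative_to(site_root).as_posix()
        if rel not in manifest and not rel.startswith(SITE_OWNED):
            report["unexpected"].append(rel)  # PHP file the release never shipped
    return {kind: sorted(files) for kind, files in report.items()}

def demo() -> dict:
    """Constructed sample: a 'clean' tree and a 'live' tree with two anomalies."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        core = {"index.php": "<?php // index", "wp-login.php": "<?php // login",
                "xmlrpc.php": "<?php // xmlrpc"}
        for root in (clean, live):
            root.mkdir()
            for name, body in core.items():
                (root / name).write_text(body)
        (live / "wp-config.php").write_text("<?php // site config")    # ignored
        (live / "wp-login.php").write_text("<?php // login + extra")   # altered
        (live / "wp-cache.php").write_text("<?php // not in release")  # added
        return verify(live, build_manifest(clean))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

An empty report after an update means every changed core file matches the release. WP-CLI's `wp core verify-checksums` performs the same kind of comparison against the official checksums.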