Hi, last night while I was asleep several of my files were modified without my consent and they look suspect. I got this in an email from ninja:
SERVER_NAME: jodiekrantz.free2move.com.au
USER IP: 185.86.164.99
SCRIPT_FILENAME: /home/free2move/jodiekrantz.com/wp-login.php
REQUEST_URI: /wp-login.php
Last changed on: August 12, 2020 @ 03:30:50 (UTC +0800)
The IP is from Turkey. Before I log in via that script, wp-login, how can I trigger ninja to scan, and preferably revert the files back? When I look in cPanel File Manager, among the ten PHP scripts modified at that time were:
xmlrpc.php, wp-signup.php, wp-settings.php, wp-comments.php, wp-login.php, index.php
Have I been hacked, and what should I do?
I have WP set to auto-update. Are these files typically changed in a WP update?