Help with two different security items

I use wordpress security on a few different websites that I maintain. Recently I received emails about site lockout notifications and also wordpress file change warnings.

I have two questions.
1. One of the site lockout notifications really concerned me because the username it locked out was actually my PASSWORD for the site. It isn’t something that is easy to figure out, so I am wondering how someone could have gotten that?

2. Another item is the changes to file email I received. I didn’t make any changed but this is what it said:

file added:
wp-includes/SimplePie/XML/Declaration/gallery.php

Another time:
file added:
polls.php
wp-content/themes/twentyfourteen/javascript.php
wp-content/themes/Avada/framework/plugins/LayerSlider/skins/defaultskin/code.php
wp-content/themes/Avada/framework/plugins/tf-flexslider/inc/admin.php
wp-content/plugins/ultimate-tinymce/addons/advhr/langs/javascript.php
wp-content/plugins/ultimate-tinymce/addons/clear/images/system.php
wp-content/plugins/ultimate-tinymce/addons/clker/img/session.php
wp-content/plugins/ultimate-tinymce/addons/w3cvalidate/langs/diff.php
wp-content/plugins/ultimate-tinymce/addons/defines.php
wp-content/plugins/gravityforms/js/lib.php
wp-content/plugins/gravityforms/css.php
wp-content/plugins/backupbuddy/controllers/pages/_ms_import/general.php
wp-

content/plugins/backupbuddy/destinations/dropbox/lib/dropbuddy/pear_includes/HTTP/OAuth/C

onsumer/Exception/include.php
wp-

content/plugins/backupbuddy/destinations/dropbox/lib/dropbuddy/pear_includes/HTTP/OAuth/S

ignature/template.php
wp-content/plugins/backupbuddy/pluginbuddy/lib/updater/images/cache.php
wp-content/plugins/better-wp-security/core/content/model.php
wp-content/plugins/better-wp-security/core/functions.php
wp-content/uploads/2015/03/update-8b4b5bc8c5c3f51e0a1288a771369641/tmp/encode.php
wp-content/uploads/2015/03/update-

8b4b5bc8c5c3f51e0a1288a771369641/tmp/_input_1_wp_init.php5
wp-includes/js/tinymce/plugins/media/defines.php
wp-includes/js/tinymce/skins/lightgray/error.php
wp-includes/SimplePie/Decode/plugin.php

file modified:
wp-config-sample.php
wp-content/themes/Avada/framework/plugins/tf-flexslider/wooslider.php
wp-content/themes/Avada/woocommerce/single-product/add-to-cart/quantity.php
wp-content/plugins/backupbuddy/_importbuddy/importbuddy/controllers/pages/6.php
wp-content/plugins/backupbuddy/_importbuddy/importbuddy/views/_header.php
wp-content/plugins/backupbuddy/controllers/pages/_ms_import/_step1.php
wp-content/plugins/backupbuddy/controllers/pages/server_info/remote_sends.php
wp-content/plugins/backupbuddy/controllers/pages/server_info/index.php
wp-content/plugins/backupbuddy/destinations/_s3lib/aws-sdk/services/s3.class.php
wp-content/plugins/better-wp-security/lib/one-version/class-itsec-one-version.php
wp-content/plugins/better-wp-security/modules/free/core/setup.php
wp-content/plugins/better-wp-security/modules/free/hide-backend/class-itsec-hide-

backend-admin.php
wp-content/uploads/pb_backupbuddy/index.php
wp-cron.php
wp-includes/functions.php
wp-includes/theme-compat/footer.php
wp-includes/pomo/entry.php
wp-includes/template-loader.php
wp-includes/class-wp-customize-manager.php
wp-includes/class-wp-customize-setting.php

——————————————————————–

With the above info that I have given, can you tell me if my site is hacked (everything is fine on the front end) or some bad files planted? After I received those messages I upgraded the theme and the latest version of wordpress.

Thank you so much

https://www.ads-software.com/plugins/better-wp-security/