nav_menu.php hack on freshinstall

Hi,

I have read all I could find on Google and on these forums. And I understand that the security issue with the core file nav_menu.php is a problem caused by insecure plugins in most cases.

I’ve just made a fresh install of WordPress (ver. 4.5.2), first plugin I installed was Wordfence Premium.

The site is on a non www url, but still visible to the world, and not linked anywhere. Still in under 48 hours the WordPress installation has a hacked nav_menu.php file.

I going crazy over this, please if anyone has tips and tricks, let me know.

The site is hosted at Siteground on sharedhosting, but afaik it should be a decent hosting provider.

Plugins installed in WordPress:
Akismet (Not active)
Breadcrumb NavXT (Active)
Hello Dolly (Not active)
Popup Maker (Active)
TemplatesNext ToolKit (Active)
Wordfence Security (Active)
WPForms (Active)

Theme: i-excel Version: 1.1.9
Everything is updated.