On Friday I installed the (free version of) the Wordfence security plugin, and now it shows a lot of "suspicious" files ("Unknown files in WordPress core). After reading a bit in the Wordfence forum, I'm trying to determine whether these come from Regain or my host's managed WordPress installation, and if it would be safe to delete them or have them ignored in future security scans. I don't know anything about this.
There's a long list, it's only .ini files with names like:
Do they come from the theme? If so, apparently they're in the wrong directory – what could be done about that?
Or should I contact my hoster?
Thanks in advance!