Core WordPress Files Were Modified (false positive or malware issue?)

Hi all, I have 2 WordPress blogs (with the latest 5.8.1 version installed) in which I get the above notification from Sucuri security plugin (1.8.28 version) core integrity check.

I have installed both Itheme and wordfence that Iv’e read work good together, and installed Sucuri just for the malware scan (the plugin is deactivated most of the time) I heard is powerful.
In all the security plugins I got no indication for malware or blacklist. However, in the Sucuri plugin I get a notification that core WordPress files were modified. These are the files listed on my two blog sites:

First site core files:
.user.ini
wordfence-waf.php
wp-admin/error_log
wp-cli.yml
wp-includes/blocks/error_log
wp-includes/error_log
wp-includes/widgets/error_log

Second site core files:
.user.ini
wordfence-waf.php
wp-admin/error_log
wp-admin/php.ini
wp-cli.yml
wp-includes/blocks/error_log
wp-includes/error_log
wp-includes/widgets/error_log

I would like some clarification on these files.. Are they ok, can I delete them?
There are also another 2 HTML files that are listed but I did not include here as I recognize them (Google and Facebook I used to verify my domain).

In addition, I get also this notification from Wordfence on my second site:
Unknown file in WordPress core: wp-admin/php.ini

It says that it could be a file leftover from a previous WordPress version, and not necessarily malware. It may be that I changed the domain name few months ago, using the support of Bluehost – my server host (my second site doesn’t show this notification in Wordfence). Can this be the cause?

I would welcome some clarification and help with these notifications.
Thanks in advance,