They are hangover files from old versions of WP.
Be careful with this next step if you proceed with it.
This bit is not done on your computer:
1) Download the latest version of WordPress, unpack it, enter the unpacked package (i.e the ‘wordpress’ directory), delete the /wp-content directory from this unzipped package then zip up the content in the directory you are in (i.e everything under the ‘wordpress’ directory). This is now your custom WordPress package.
2) Upload the custom WordPress package to your server. Do nothing else with this package yet.
This bit is done on your web server:
1) Create a back up of your website’s files. I normally do this by creating a directory on the server called ‘bck’ then copying all files outside of ‘bck’ into the bck directory. Then I lock down the permissions of the bck directory so no one can access it.
2) Take note before reading step 3: Do not delete /wp-content, wp-config.php, .htaccess or your search engine metatag files (if you uploaded any). Do not delete directories used by other sites on your server.
3) Delete all WordPress files and folders (prefixed wp-) except for those files noted in step 2 (above).
4) Unpack your custom WordPress package (the one you uploaded to you web server)
5) View your website.
Be careful of the files you delete: wp-content holds your uploads, plugins and themes; wp-config.php stores your database access details; .htaccess holds the rewrite info.
