Hi @god999, thanks for reaching out to us.
It looks like you could safely ignore the message if you wish as the paths shown are put there to be used by File Manager plugin.
The “Scan files outside your WordPress installation” feature is most useful for sites that have another WordPress site running inside a subdirectory that you don’t wish to separately install Wordfence on, or has a large quantity of other website files as you only use WordPress for the blogging section of a larger site.
As for the other settings, if your theme is totally custom-built or purchased from an third party site, it’s not recommended to turn this on as there will be no repository version to check against.
I would usually recommend turning on the plugin repository check unless resources on your hosting plan are extremely limited, but please also bear in mind that any manual plugin installations or purchases from third party marketplaces will not be checked. Wordfence looks at the www.remarpro.com repository for changes so, this applies to most customers as the usual action is to install plugins directly through WordPress’ admin area. It can be a good indicator that a site has been compromized if a large amount of plugin files differ from their intended contents – although false positives are possible.
Thanks,
Peter.
