My security app is flagging the following files as “This file appears to have been added to your site.” It is because the security app believes they are in the Core WP area.
It this OK? It looks to me as though you have put them where you intended. Right?
includes/font/unifont/dejavusans-bold.cw127.php
includes/font/unifont/dejavusans-bold.mtx.php
includes/font/unifont/dejavusans.cw127.php
includes/font/unifont/dejavusans.mtx.php