Any WordPress instance include specific files located within root install directory. You may think this is not a big deal as any site contain such file. The problem is they use a format which makes your WordPress easy traceable:
wp-blog-header.php wp-links-opml.php wp-load.php wp-mail.php license.txt readme.html
This area provide a way to control the privacy for those files making them invisible for anyone accessing from outside. They will continue to be used internally by WordPress without any problem.
This is a text file which contain the licensing terms for WordPress framework. Obviously you don’t want that visible as every site containing such file must be a WordPress.
A Hypertext Markup Language file with general information about installed WordPress, version, instalation steps, updating, requirements, resources etc.
Block access to wp-activate.php file. Through this file new users confirms that the activation key that is received in the email after signs up for a new blog, matches the key for that user. If anyone can register on your site, you should keep this off, but use the other plugin functionalities to rename to something else.
This allow for anyone to register to your site. If the registration functionality is turned off, the register-me.php should be blocked. Otherwise it should be renamed through the other plugin features.
This is a deprecated file but still present in many WordPress installs. This should be blocked.
Block other wp-*.php files
Block other wp-*.php files. E.g. wp-blog-header.php, wp-config.php, wp-cron.php. Those files are used internally, blocking those will not affect any functionality. Other root files (wp-activate.php, wp-login.php, register-me.php etc) are ignored, they can be controlled through own setting.