What Roccivic said ...
If you can't put files outside of your webroot, then our
recommendation is to have all those files inside a password-protected directory.
In your case, you could password-protect some of the directories (the ones you get warnings for), but your db-config.php would still be accessible. It's not an immediate problem as long as the server is configured correctly but not really recommended.
bye, Dirk