Hi,
I had checked "scan files outside" option but still it was same, somehow i got another plugin "Anti Malware" from GOTMLS.NET and it detected some backdoor and have cleaned the same now, wordfence is also good and helping me overall, currently i see that there are 3-4 urls created under Firewall > whitelisted what is this ? it reads as below
Filter URL: /wp-admin/admin.php
Filter param: request.body[wpcf7-mail-body]
Filter Source: Whitelisted by via false positive dialog
Ip: some different IP which is not mine
Thanks