The error above could also be caused by someone (probably a bot) trying to directly access http://yoursite.com/wp-content/plugins/wordfence/lib/wfUnlockMsg.php
Accessing the file without having WordPress "include()" it will give that message -- the error itself isn't dangerous, and normal users shouldn't be going to that page.
It might mean that your web server lets remote users see what files are in directories (ignoring .htaccess), or there is an anonymous FTP server that shows the same files/folders, or there is a bot that knows what files Wordfence contains, and it's scanning to see if they exist (possibly looking for sites running outdated versions).
I see errors in error_log similar to this once in a while, but usually on WP core files. Usually, it is probably nothing to worry about as long as your core and plugins are up to date -- aside from being paranoid about having your site tested by someone with ill intentions (but of course that happens daily on most sites, in one way or another.)
