Your WAN IP will not be able to access any XAMPP files or folders outside of the server's DocumentRoot folder the
\xampp\htdocs folder including any XAMPP related files or folders in this htdocs folder, which is the new security feature in 1.7.2 and I am sure you will appreciate this security measure as you would not want any old hacker gaining access to your PC via your Apache web server.
This security measure is configured in the
\xampp\apache\conf\extra\httpd-xampp.conf file.
So if you put your web site in a folder in the
\xampp\htdocs folder your friend using the WAN IP should be able to access it.
http://xxx.xxx.xxx.xxx/mywebsite should then find the index file in the
\xampp\htdocs\mywebsite folder.
The configuration of a VirtualHost directive in the
\xampp\apache\conf\extra\httpd-vhosts.conf file can override this behavior and a forum search in the XAMPP for Windows for
virtualhost may find many examples of how to do this this.
BTW if you want your friend to access any file or folder or selected files and folders on your PC, including the XAMPP installation, then you would need to set up a Remote Access facility which is beyond the scope of this forum to assist.