Hi, this is a really great plugin! I would like to suggest some features that I think will make it even greater...
1) It would be good if Total Security ("TS") could actually change or fix some of the issues listed in the Vulnerability Scan. For example, the "Better WordPress Security" plugin is able to change some of these things, but I would prefer to only use Total Security and not the other one. For example, it would be great if TS could actually change (hide) the following things - I mean as options on the Settings page - so the administrator can decide if he wants TS to change these things or not:
* Header: Reveal full WordPress version info
* Header: RSD (Really Simple Discovery) mechanism used by XML-RPC clients
* Header: Windows Live Writer or other blogging clients
* Check for display of unnecessary information on failed login attempts.
As I mentioned, Better WordPress Security can already "fix" (hide) the above items. But I'd prefer it if Total Security could fix them instead. :)
2) The scan for "Check if uploads folder is browsable by browsers" shows me the yellow icon and the answer "Unable". I have already set Options -Indexes in my .htaccess file, but in addition, I also created a 301 redirection from my uploads folder which redirects back to my main home page - I did that for an additional layer of security, and to ensure that anybody who tries to browse my uploads folder directly will end up back at the home page and still be able to continue navigating my website (rather than just getting an ugly 403 error).
Is it possible for Total Security to "understand" my 301 redirection from the uploads folder, and to show a green icon because the uploads folder is really not browsable?
3) It would be nice if TS could be configured to ignore (whitelist) certain folders or files for the Unsafe Files Search - e.g. it lists some files as unknown (e.g. those in my /wp-admin/images/screenshots folder) which are totally safe and don't need to be listed.
4) It would be nice if the scans (Core Exploit Scanner, Vulnerability Scan, Unsafe Files Search) could be run on a regular (configurable) basis, e.g. daily, and the results emailed to the admin (but only when the results change). Then I don't have to remember to check it myself - it's fully automatic. :)
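
An added example, not part of the original post and not Total Security's own code, of how a browsability check like the one in item 2 could classify a redirect away from the uploads folder as "not browsable" while still following a trailing-slash redirect that stays inside it. The function name `check_uploads`, the injected `fetch` callable and the `example.test` responses are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Markers found in Apache/nginx auto-generated directory listings.
LISTING_MARKERS = ("<title>index of /", "<h1>index of /")

def check_uploads(url, fetch, max_hops=3):
    """Return 'browsable', 'not_browsable' or 'unable' for an uploads URL.

    fetch(url) -> (status, headers, body) and must NOT follow redirects itself.
    """
    base_path = urlsplit(url).path.rstrip("/") + "/"
    for _ in range(max_hops + 1):
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308):
            location = {k.lower(): v for k, v in headers.items()}.get("location")
            if not location:
                return "unable"
            target = urljoin(url, location)
            same_host = urlsplit(target).netloc == urlsplit(url).netloc
            if same_host and urlsplit(target).path.startswith(base_path):
                url = target          # trailing-slash redirect: keep checking
                continue
            return "not_browsable"    # visitor is sent away from the folder
        if status in (401, 403, 404):
            return "not_browsable"    # e.g. the effect of Options -Indexes
        if status == 200:
            lowered = body.lower()
            if any(marker in lowered for marker in LISTING_MARKERS):
                return "browsable"
            return "not_browsable"    # e.g. an empty index.php placeholder
        return "unable"               # 5xx or anything unexpected
    return "unable"                   # redirect loop inside the folder

# Constructed responses (not real sites) so the example runs offline.
def make_fetch(table):
    return lambda url: table[url]

U = "https://example.test/wp-content/uploads"
REDIRECT_HOME = make_fetch({U: (301, {"Location": "https://example.test/"}, "")})
OPEN_INDEX = make_fetch({
    U: (301, {"Location": U + "/"}, ""),
    U + "/": (200, {}, "<html><head><title>Index of /wp-content/uploads</title>"),
})
FORBIDDEN = make_fetch({U: (403, {}, "Forbidden")})

if __name__ == "__main__":
    for name, f in (("301 to home", REDIRECT_HOME), ("open index", OPEN_INDEX), ("403", FORBIDDEN)):
        print(name, "->", check_uploads(U, f))
```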