In Defender's ten security tweaks, the final option is 'Prevent PHP execution' which seems to place a .htaccess file in the /wp-content folder.
However... this can cause some plugins not to function, such as OneSignal. As a consequence I've had to disable this option to get OneSignal to work, but this removes some protection.
Would it be possible to enhance Defender somehow to allow exceptions to be added? So it can protect all folders except some specified? Then I could specify just the OneSignal plugin folder, but all other folders would still be safe.
Could that feature be added?