I have few suggestions Prevent PHP execution tweak.
When there are some exclusions added and the tweak is resolved, the description says
PHP execution is locked down. The following file paths have been allowed in the /wp-content directory :
So it's not clear that it should be a file name. Maybe it would be better to change this description.
Also, that'd be great - the ability to specify *where* we want to disable PHP execution would be great as well, i.e. themes, plugins, uploads or everywhere (so we can skim themes if it's causing major issues, etc).
Ans I guess the ideal solution would be some sort of whitelist option during the 'scan' (where it will say "your site is using .... php files. do you want to whitelist them?"