i'm testing your Defender Plugin and i activated the .php-prevention for the wp-content Folder.
Now i have an issue whit a Plugin, which have to execute in the folder. there are several files/APIs that need direct access via php (leaflet-geojson.php, leaflet-fullscreen.php, leaflet-api.php, leaflet-geojson.php, leaflet-georss.php, leaflet-geositemap.php, leaflet-kml.php, leaflet-qr.php, leaflet-wikitude.php,
inc/proxy.php). The Plugin is located in wp-content/plugins/leaflet-maps-marker-pro
How i exclude the whole directory or the specific files that they can be execute in the wp-content folder?