When MainWP runs it’s security checks, it has a Fixer for searchable file directories, and it places blank index.php in directories that could otherwise be searchable (likely other protections in place, but it’s still a good fix).
However, the Unrecognised File Scanner in Shield picks this up as potentially dangerous files. If they are deleted by the scanner’s auto delete option, then MainWP’s check will fail agaijn, and once re-fixed, will cause the problem to keep re-occuring in a loop.
Of course, Shield can be set to report only, and an admin can approve these files for ignoring… But righlty one of Shield’s checks to warn on is files not being auto-deleted.
It would be good if Shield could recognise that these files are put in place by MainWP by reading something from MainWP or there being a hook from the MainWP Fix, and then auto ignore them?
(If it’s easier, and maybe offers wider benefits, maybe Shield could check the contents of any index.php or even recognised file and if it’s empty, auto ignore? Maybe create an MD5 or other hash of the file and store it, and for future scans, check to make sure the hash hasn’t changed and if it has, check the file to make sure it’s still empty, and then if not to flag it as a unrecognised file either for deletion or reporting as per option setting?)