The user could rename the php (its not dependent on a certain name) and you would have to find it and most users should be putting a blank index.php or html to make it a little harder.
I would do it that way but this really doesn't have any important info. I all reality I could grab any app and sniff the traffic and grab what I needed. Now if it was keeping user info most definitely Mysqli, antiflood, ip ban and multi factor sign in.
lol true
I may make some edits to this