“I see this feature all security plugin and think it is reasonable to have it. I think it will be better if Security Ninja also has it.” Suggestion by Cuong
Suggestion by Jose
When possible, offer a way to automatically restore an infected file by clicking a button.
Add scheduled malware scans with reports by email. Suggested by Mulyadi.
Use the haveibeenpwned.com API to check the user emails and/or passwords have not been part of a breach. Note: This will require setting up an intermediary API endpoint, since not possible to hide the HIBP key in the plugin. ref: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
Make it impossible to detect your website is running WordPress at all. By Jay.