Going through PCI compliance now, so a few things that will affect amember including this one: PHP Info File Can Be Seen Publically: A file such as info.php or phpinfo.php was found on this webserver. These files typically reveal detailed information about your server's configurations and build. This information could be valuable to an attacker developing an attack on your network. Remove this file if it is not needed; otherwise, consider placing access controls on this file so that only authorized users can view it. Save to rename this file? Which config file do I need to change to make amember still be able to use it?