I likely don't understand at the need for such worries about server side security as a professional on this sector would..
What is it that you need to understand and don't? You asked for some PHP coding help with very specific parameters attached to your request and that's exactly what I provided. When requesting medical assistance, do you understand fully all of the medical procedures involved and do you insist on staying awake throughout and having them explained in ongoing lurid detail to ensure that your cardiac surgeon is using the "right" scalpel and holding it "correctly" while you "kibbitz" from the operating table and question his views on what's safe and what isn't for your own good health?
In your original request you said: "We need a developer capable of creating php script that can perform several features and functions that are very specific."
I've already explained the fundmental issues involved in those "very specific" parameters no less than three times since then. A single-file package designed to meet your specs (your original specs, that is, not the things you keep adding to them) involves certain security considerations. You may not understand all of them in detail, BUT you are not the only potential user and, AFAIK, the only person who actually is using it isn't complainig about too much site security. In any case, I WILL NOT deviate from the minimums that my own personal integity demands. Period. Full stop. End of FINAL explanation!!! I'm certainly not going to publish detailed "cracker advice" here or elsewhere for "script kiddies" to exploit.
Nevertheless, what about topic #3 on the wishlist? Can it be removed?
IT'S ALL ONE. It is integral to the whole package. Safe and secure coding is not bits and pieces that are tacked on at random here or there and can be removed at whim. You asked for both public browsing and administrative site managment to be included in one single-file package and that's what you got. The necessary elements are there as part of the package design to meet that request. They stay there. It's a dead issue as far as I'm concerned. Remove any part yourself at your own risk. Do whatever you want with it. It's all yours. I'm now working (more like playing actually) with something that corresponds with my own ideas and can do much more than a single-file browser package ever could if I fussed with its minor details forever and a day for the sake of mere arbitrary appearance issues.
I did what I agreed to do. WB Browser v0.30 is now YOURS! I'm done with it. Please take it away and bury it somewhere. From what I can understand, it's an orphan anyhow, or a single-parent child at best. And, based on my own follow-up discussions, even its one lone user seems willing to consider trading it in for something better and more suitable to the broader realities of the total "mission". I'm willing to accept that verdict on my own effort. Are you willing to do the same regarding what you specified in the first place??? --- That's a rhetorical question, BTW. It really doesn't matter whether either of us accepts it willingly or not. It's just a question of whether one will waste more time trying to "rescue" something beyond hope. I won't.
Instead of rehashing trivial ornamentation of a bygone failure (well, bygone for me at least) have you taken my "hint" to even glance at what I'm currently doing on my own? The admin login for the test installation is still "admin - admin". And, in view of your near obsession with appearance details, you might want to note, in particular, the « Modify Winbuilder Client Preferences » link at the bottom of the admin page -- a mere forerunner of what I have in mind.