Just a heads up, if someone is running WordPress + WordFence on their main website ( example.com ) and they install your 3rd party non-wordpress PHP script in a subdomain or subfolder ( example.com/my-app/ ) then WordFence may block access to this 3rd party app.
WordFence adds an auto_prepend_file PHP setting, so every PHP script will load WordFence first ( even if it’s not a WordPress PHP script )
http://dtbaker.net/wordpress/wordfence-blocking-3rd-party-php-scripts/