• Looking at the nginx rules that iThemes Security generates, I believe it would be better to return a 404 instead of a 403.

    For example:
    location ~ /readme\.html$ { deny all; }
    could be replaced with
    location ~ /readme\.html$ { return 404; }

    Given that most attacks are automated, my approach is to hide the fact that the site is WP by renaming wp-content, disallowing wp-admin, hiding headers, and so on.

    So I think it would be better if iThemes returned 404s for all forbidden/suspicious stuff. This would better throw off attacks (of course it won’t be a cure-all, but a step in the right direction).

  • The topic ‘Suggested NGINX rules improvement’ is closed to new replies.
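
Added example, not part of the original post and not iThemes Security code: a Python script that applies the substitution proposed above to a rules file, converting one-line `location` blocks whose only directive is `deny all;` and reporting blocks it leaves alone. The function name `rewrite_rules` and every sample rule other than the `readme.html` one are constructed for illustration.

```python
import re

# One-line block: "location <modifier> <pattern> { <directives> }".
# Multi-line blocks do not match and pass through unchanged.
LOCATION_RE = re.compile(
    r'^(?P<indent>\s*)(?P<head>location\s+[^{]+)\{(?P<body>[^{}]*)\}\s*$'
)

def rewrite_rules(conf):
    """Return (new_conf, changed, skipped) for an nginx rules string."""
    out, changed, skipped = [], [], []
    for line in conf.splitlines():
        m = LOCATION_RE.match(line)
        if not m:
            out.append(line)
            continue
        directives = [d.strip() for d in m['body'].split(';') if d.strip()]
        if directives == ['deny all']:
            # Pure block: 403 becomes 404, as the post suggests.
            out.append(f"{m['indent']}{m['head']}{{ return 404; }}")
            changed.append(m['head'].strip())
        else:
            # "return" runs in the rewrite phase, before allow/deny are
            # evaluated, so swapping it in here would also send 404 to the
            # allowed addresses. Keep the block and flag it for review.
            if 'deny all' in directives:
                skipped.append(m['head'].strip())
            out.append(line)
    return '\n'.join(out), changed, skipped

# Constructed sample input, not actual plugin output.
SAMPLE = r"""# constructed sample rules
location ~ /readme\.html$ { deny all; }
location ~ ^/wp-admin/install\.php$ { allow 127.0.0.1; deny all; }
location ~ /\.ht { deny all; }
location / { try_files $uri $uri/ /index.php?$args; }
"""

if __name__ == '__main__':
    new_conf, changed, skipped = rewrite_rules(SAMPLE)
    print(new_conf)
    print('changed:', changed)
    print('left for manual review:', skipped)
```

Run `nginx -t` on the rewritten file before reloading.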