Some users would prefer to move config.php to a nonpublic server directory and the config.php location is hardcoded in several places making it slow and error prone to change.
Integrating a CAPTCHA test would be useful for preventing brute force and DOS attacks. Implementing CAPTCHA primitives with the Google recaptcha.php library would provide a valuable use-case to test the design soundness of the status-app.php SingleUserSession class.
Right now, when a user unpacks all the files to their server and views the index.html web app no indication of required setup are given. Pointing this out to users would help make the installation procedure more infallible.