Tbh, I don't have anything to recommend and I'm sure there's stuff out there that can do far more than I'm imagining, but nothing that analyzes via the web can give you any real guarantee of security. Via the web, it can't analyze your php (or other dynamic content) for coding errors, it can't detect files that aren't linked directly (unless you have directory listings on for every dir) and it can't do things like analyze for appropriate file permissions. I'd recommend following the vulnerability reports for all products you use and doing a common sense scan of what you have up there by hand.
For instance, I recently discovered that a php blog I'd been running had been hacked. I could have prevented it by:
1) checking back at the website where I found it, because the vulnerability had been fixed months ago
2) putting sane write permissions on everything that the webserver has access to (the exploit should not have had permission to create the directories it did)
3) doing a basic scan of the product and hacking out things that I wasn't going to use and/or that were just begging for trouble (like image upload, or allowing a hacker to download the password hash)
Of course if you've done that and still want a tool (sounds like this is a business willing to throw money at it), then go nuts