One solution to make the hash function more general, other than using the entire message as initial condition (which will become computationally very demanding for long messages), is, as I described earlier, to use another known hash function such as SHA-512 to generate the initial condition.
Then the function is no more secure than SHA-2 so why not just use SHA-2 if the goal is security?
It still may be useful to for a PoW by moving the nonce outside of the blockheader.
R30(nonce + H(blockheader)) < target
The security of the PoW still relies on the preimage resistance of H however if R30 is irreducible then it would prevent more efficient work in the PoW. This has the advantage of making mining hardware highly commoditized which means lower margins (anyone can do it and they work about the same) which is optimal from a security point of view.
Also, the often used Merkle–Damgård construction has problems: <snipped>
These are weaknesses known to M-D and they are what cryptographers target when attempting to "break" the hashing function. To date nobody has shown a preimage attack on SHA-1 or the more complex SHA-2 is possible.
The issue of length extension doesn't apply to PoW as the header has a fixed length and ordering. Even if you could perform a preimage attack on an existing block via length extension the resulting block would be invalid regardless of the block hash because Bitcoin blocks must be exactly 840 bytes and the elements ordered in a specific order.
In applications where the hash will protect variable length data using a HMAC over the pure hashing function is preferable. HMAC don't suffer from length extension attacks and they make collision attacks less effective. Still this is academical at this point as most hashing functions are still secure against preimage attacks (even the ancient MD5). A major goal of the SHA-3 competition was to bypass some of the weaknesses of M-D construction and as such there are theoretical length extension attacks on SHA-3. Still time trumps all, SHA-2 has been vetted more than SHA-3 at least as of today. Maybe in a decade or so but SHA-3 is a little ahead of its time as SHA-2 held up better than NIST expected it to.