bcreeves/.htaccess

## .htaccess
# Block wp-config access
<files wp-config.php>
    order allow,deny
    deny from all
</files>

# Block the include-only files.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
    order deny,allow
    deny from all
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine on

    # Remove www
	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

    # Add www
    # RewriteCond %{HTTP_HOST} !^www\.
    # RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

    # Force SSL
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
	# Block wp-config access
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	# Block the include-only files.
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# Block WordPress xmlrpc.php requests
	<Files xmlrpc.php>
	order deny,allow
	deny from all
	</Files>

	<IfModule mod_rewrite.c>
	RewriteEngine on

	# Remove www
	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
	RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

	# Add www
	# RewriteCond %{HTTP_HOST} !^www\.
	# RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

	# Force SSL
	RewriteCond %{HTTPS} !=on [NC]
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	</IfModule>