nfsarmento/.htaccess

## .htaccess
## Use the code below only if you had enable .htaccess - "AllowOverride All"
## You may need to enable mod_headers on apache - "a2enmod headers"
## The code below goes under the rules that you should have if you are using WordPress

#BEGIN https code
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#BEGIN Block bad hackers
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

# Disable directory browsing
Options All -Indexes

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Deny access to readme.html
<files readme.html>
Order allow,deny
Deny from all
</files>

# Deny access to license.txt
<files license.txt>
Order allow,deny
Deny from all
</files>

# Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

# Deny access to error_log
<files error_log>
Order allow,deny
Deny from all
</files>

# Deny access to wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Blocks some XSS attacks
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

# Restricts access to PHP files from plugin and theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

# Secure headers
<IfModule mod_headers.c>
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

<IfModule mod_headers.c>
	Header always append X-Frame-Options SAMEORIGIN
</IfModule>

<IfModule mod_headers.c>
    Header set X-XSS-Protection: "1; mode=block"
</IfModule>

<IfModule mod_headers.c>
	Header set X-Content-Type-Options nosniff
</IfModule>

<IfModule mod_headers.c>
	RequestHeader set X-HTTPS 1
	Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>
	## Use the code below only if you had enable .htaccess - "AllowOverride All"
	## You may need to enable mod_headers on apache - "a2enmod headers"
	## The code below goes under the rules that you should have if you are using WordPress

	#BEGIN https code
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

	#BEGIN Block bad hackers
	SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
	Deny from env=block_bad_bots

	# Disable directory browsing
	Options All -Indexes

	# Deny access to all .htaccess files
	<files ~ "^.*\.([Hh][Tt][Aa])">
	order allow,deny
	deny from all
	satisfy all
	</files>

	# Deny access to readme.html
	<files readme.html>
	Order allow,deny
	Deny from all
	</files>

	# Deny access to license.txt
	<files license.txt>
	Order allow,deny
	Deny from all
	</files>

	# Deny access to wp-config.php file
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	# Deny access to error_log
	<files error_log>
	Order allow,deny
	Deny from all
	</files>

	# Deny access to wp-includes folder and files
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# Blocks some XSS attacks
	<IfModule mod_rewrite.c>
	RewriteCond %{QUERY_STRING} (\\|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=\|\[\|\%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=\|\[\|\%[0-9A-Z]{0,2})
	RewriteRule .* index.php [F,L]
	</IfModule>

	# Restricts access to PHP files from plugin and theme directories
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
	RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
	RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
	RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
	RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

	# Secure headers
	<IfModule mod_headers.c>
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
	</IfModule>

	<IfModule mod_headers.c>
	Header always append X-Frame-Options SAMEORIGIN
	</IfModule>

	<IfModule mod_headers.c>
	Header set X-XSS-Protection: "1; mode=block"
	</IfModule>

	<IfModule mod_headers.c>
	Header set X-Content-Type-Options nosniff
	</IfModule>

	<IfModule mod_headers.c>
	RequestHeader set X-HTTPS 1
	Header set Referrer-Policy "no-referrer-when-downgrade"
	</IfModule>