sonnetmia/.htaccess

## .htaccess
<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
  Header always append X-Frame-Options SAMEORIGIN
  Header set X-Content-Type-Options: "nosniff”
  #Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  Header always edit Set-Cookie (.*) "$1; HTTPOnly"
  Header always edit Set-Cookie (.*) "$1; Secure"
</IfModule>

#from: http://codex.wordpress.org/Hardening_WordPress
<files wp-config.php>
order allow,deny
deny from all
</files>
#end: from http://codex.wordpress.org/Hardening_WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

#block requests to xmlrpc.php file
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

#from: http://codex.wordpress.org/Hardening_WordPress
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
#end: from http://codex.wordpress.org/Hardening_WordPress

</IfModule>
# Thanks to https://gist.github.com/jel3/9333e55694fc13a321bc

#Disable Indexing
Options -Indexes
#To unset Etags
Header unset Pragma
FileETag None
Header unset ETag
ServerSignature Off
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
	<IfModule mod_headers.c>
	Header set X-XSS-Protection "1; mode=block"
	Header always append X-Frame-Options SAMEORIGIN
	Header set X-Content-Type-Options: "nosniff”
	#Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
	Header always edit Set-Cookie (.*) "$1; HTTPOnly"
	Header always edit Set-Cookie (.*) "$1; Secure"
	</IfModule>

	#from: http://codex.wordpress.org/Hardening_WordPress
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>
	#end: from http://codex.wordpress.org/Hardening_WordPress

	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /

	#block requests to xmlrpc.php file
	RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

	#from: http://codex.wordpress.org/Hardening_WordPress
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	#end: from http://codex.wordpress.org/Hardening_WordPress

	</IfModule>
	# Thanks to https://gist.github.com/jel3/9333e55694fc13a321bc

	#Disable Indexing
	Options -Indexes
	#To unset Etags
	Header unset Pragma
	FileETag None
	Header unset ETag
	ServerSignature Off
	<Files .htaccess>
	Order Allow,Deny
	Deny from all
	</Files>
	<Files "log.txt">
	Order Allow,Deny
	Deny from all
	</Files>

	# BEGIN WordPress
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>
	# END WordPress