
# BEGIN WP_Encryption_Well_Known
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/\.well-known/ [NC]
RewriteRule ^(.*)$ - [L]
# END WP_Encryption_Well_Known
# WordPress Rewrite (Permalinks)
# BEGIN WordPress
# التعليمات (الأسطر) بين "BEGIN WordPress" و "END WordPress"
# تم إنشاؤها ديناميكيًا، ويجب تعديلها فقط من خلال مرشحات ووردبريس (WordPress Filters).
# أي تغييرات على التعليمات بين هذه العلامات سيتم الكتابة فوقها.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# GZIP Compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>

# Browser Caching
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresDefault "access plus 7 days"
</IfModule>

# Basic Security
<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Frame-Options "SAMEORIGIN"
  Header always set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

# Block sensitive files
<FilesMatch "(^error_log$|^php\.ini$|^\.user\.ini$|readme\.html|license\.txt|xmlrpc\.php|wp-config\.php|\.htaccess)">
  Order allow,deny
  Deny from all
</FilesMatch>

# Enable CORS-safe headers
<IfModule mod_headers.c>
  Header always set X-Permitted-Cross-Domain-Policies "none"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-XSS-Protection "1; mode=block"
  Header always set X-Content-Type-Options "nosniff"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

# Block PHP execution in wp-includes
<IfModule mod_rewrite.c>
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
</IfModule>




# BEGIN WP_Encryption_Security_Headers
# التعليمات (الأسطر) بين "BEGIN WP_Encryption_Security_Headers" و "END WP_Encryption_Security_Headers"
# تم إنشاؤها ديناميكيًا، ويجب تعديلها فقط من خلال مرشحات ووردبريس (WordPress Filters).
# أي تغييرات على التعليمات بين هذه العلامات سيتم الكتابة فوقها.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000;"
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
</IfModule>

# END WP_Encryption_Security_Headers

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
