### Added by Truehost Safety Team ###
# Enforce HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Block consistently compromised paths
RewriteRule ^(arg|22)(/.*)?$ - [F,L]

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Disable directory browsing
Options -Indexes

# Protect .htaccess and other sensitive files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# Block access to wp-config.php
<Files wp-config.php>
    Order allow,deny
    Deny from all
</Files>

# Prevent PHP execution in uploads
<Directory "/wp-content/uploads/">
    <FilesMatch "\.php$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>

# Prevent PHP execution in wp-includes
<Directory "/wp-includes/">
    <FilesMatch "\.php$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>

# Prevent access to xmlrpc.php if not used
<Files xmlrpc.php>
    Order allow,deny
    Deny from all
</Files>

# Prevent unauthorized access to .htaccess
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

# BEGIN seraphinite-accelerator
# The directives (lines) between "BEGIN seraphinite-accelerator" and "END seraphinite-accelerator" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_mime.c>
	AddType image/avif .avif
	AddType image/webp .webp
	AddType application/font-woff2 .woff2
	AddType application/x-font-opentype .otf
</IfModule>
<IfModule mod_expires.c>
	ExpiresActive on
	ExpiresByType text/css                      "access plus 525600 minutes"
	ExpiresByType text/javascript               "access plus 525600 minutes"
	ExpiresByType application/javascript        "access plus 525600 minutes"
	ExpiresByType application/x-javascript      "access plus 525600 minutes"
	ExpiresByType font/eot                      "access plus 525600 minutes"
	ExpiresByType font/opentype                 "access plus 525600 minutes"
	ExpiresByType font/woff                     "access plus 525600 minutes"
	ExpiresByType application/vnd.ms-fontobject "access plus 525600 minutes"
	ExpiresByType application/font-woff         "access plus 525600 minutes"
	ExpiresByType application/font-woff2        "access plus 525600 minutes"
	ExpiresByType application/x-font-ttf        "access plus 525600 minutes"
	ExpiresByType application/x-font-woff       "access plus 525600 minutes"
	ExpiresByType image/vnd.microsoft.icon      "access plus 525600 minutes"
	ExpiresByType image/x-icon                  "access plus 525600 minutes"
	ExpiresByType image/bmp                     "access plus 525600 minutes"
	ExpiresByType image/gif                     "access plus 525600 minutes"
	ExpiresByType image/jpeg                    "access plus 525600 minutes"
	ExpiresByType image/png                     "access plus 525600 minutes"
	ExpiresByType image/svg+xml                 "access plus 525600 minutes"
	ExpiresByType image/avif                    "access plus 525600 minutes"
	ExpiresByType image/webp                    "access plus 525600 minutes"
	ExpiresByType audio/ogg                     "access plus 525600 minutes"
	ExpiresByType video/mp4                     "access plus 525600 minutes"
	ExpiresByType video/ogg                     "access plus 525600 minutes"
	ExpiresByType video/webm                    "access plus 525600 minutes"
</IfModule>
<IfModule mod_headers.c>
	Header unset ETag
</IfModule>
FileETag None
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_URI}?%{QUERY_STRING} \.(jpe|jpg|jpeg|png|gif|bmp|webp|avif)\?(|.*\&)seraph_accel_ai=([\w\-]+)\.([\w\-]+)(\&.*$|$) [NC]
	RewriteCond "/home/waynemba/dfdemo.artlorent.com/wp-content/cache/seraphinite-accelerator/s/%3/ai/%4.%1" -f
	RewriteRule . /wp-content/cache/seraphinite-accelerator/s/%3/ai/%4.%1?%2%5 [L]
</IfModule>
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_URI}?%{QUERY_STRING} ([^?]+\.(jpe|jpg|jpeg|png|gif|bmp|webp|avif))\?(|.*\&)seraph_accel_ai=([\w\-]+)\.([\w\-]+)(\&[^\s]*) [NC]
	RewriteCond "/home/waynemba/dfdemo.artlorent.com/wp-content/cache/seraphinite-accelerator/s/%4/ai/%5.%2" !-f
	RewriteRule . /?seraph_accel_gi=%1&ai=%4.%5&intrnl=%4&%3%6 [L,R=302]
</IfModule>
<IfModule mod_headers.c>
	<FilesMatch \.(jpe|jpg|jpeg|png|gif|bmp|webp|avif)$>
		Header merge Vary Accept
	</FilesMatch>
</IfModule>
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP_ACCEPT} image\/webp
	RewriteCond %{REQUEST_FILENAME} \.(jpe|jpg|jpeg|png|gif|bmp|webp|avif)$
	RewriteCond %{REQUEST_FILENAME}.webp -f
	RewriteRule ^(.*)\.(jpe|jpg|jpeg|png|gif|bmp|webp|avif)$ $1\.$2\.webp [QSA]
</IfModule>
<IfModule mod_headers.c>
	<FilesMatch \.(jpe|jpg|jpeg|png|gif|bmp|webp|avif)\.webp$>
		Header merge Vary Accept
	</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE text/plain text/css text/javascript application/javascript application/x-javascript application/json text/html text/xml application/atom+xml application/rss+xml application/xhtml+xml application/xml text/x-component application/vnd.ms-fontobject application/x-font-ttf font/eot font/opentype image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon
	</IfModule>
</IfModule>
# END seraphinite-accelerator

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
