# ===== Seguridad global recomendada =====
# Desactivar listado de directorios
Options -Indexes


<Files .htaccess>
  Require all denied
</Files>

# Bloquear acceso a xmlrpc.php (habilitar solo si ningún servicio lo necesita)
<Files xmlrpc.php>
  Require all denied
</Files>

# ===== (Opcional) Forzar HTTPS — activar si ya tienes SSL correctamente instalado =====
#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ===== BEGIN WordPress (no editar entre estos marcadores) =====
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On

# Preservar encabezado Authorization (REST/OAuth)
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# ===== END WordPress =====

# ===== Handler de PHP gestionado por cPanel (no editar) =====
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>

# ===== (Opcional avanzado) Endurecer wp-includes — verificar compatibilidad de plugins =====
#<Directory "wp-includes">
#  <FilesMatch "\.(?i:php|phtm|phtml)$">
#    Require all denied
#  </FilesMatch>
#</Directory>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
