# Security Hardening
Options -Indexes

<FilesMatch "(wp-config\.php|\.htaccess|\.htpasswd|readme\.html|license\.txt)">
  Order Allow,Deny
  Deny from all
</FilesMatch>

<Files xmlrpc.php>
  Order Deny,Allow
  Deny from all
</Files>

<FilesMatch "(clone|upload|shell|c99|r57|b374k|phpspy|alfa)\.php$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# Block script injection via URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
RewriteRule .* - [F]

# Block user enumeration
RewriteCond %{QUERY_STRING} ^author=\d
RewriteRule ^ /? [L,R=301]

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /nilehotel/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /nilehotel/index.php [L]
</IfModule>

# END WordPress
