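# Access rules for this directory (Apache per-directory configuration).
#
# Section order matters. When a file name matches more than one <FilesMatch>
# section, the sections are applied in file order and the access directives
# of a later section replace those of an earlier one (they are not combined).
# The grant section therefore comes first and the deny sections last, so that
# a name such as "x.php.jpg", which matches both, ends up denied.
#
# Each section carries the Apache 2.4 form (Require) and the 2.2 form
# (Order/Allow/Deny) behind <IfModule>, so only one access-control syntax is
# active at a time.

# Grant access to the expected static file types.
# NOTE(review): this section only grants; nothing here denies file types that
# are absent from the list. If a strict allowlist is intended, a default deny
# for all other names is still needed -- confirm against how this directory
# is used.
# NOTE(review): SVG files can contain script that runs in the visitor's
# browser when served inline; confirm that user-supplied SVG is sanitised or
# served as a download.
<FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|pdf|mp4|mp3|zip|doc|docx)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

# Deny requests for script and executable extensions.
# (?i) makes the match case-insensitive: handler mappings by extension are
# case-insensitive, so "X.PHP" has to be covered as well as "x.php".
# The pattern is deliberately unanchored so that double extensions
# ("x.php.jpg") and longer variants ("x.php8", "x.aspx") also match; the cost
# is that harmless names containing one of these tokens after a dot
# (e.g. "notes.plain.pdf") are refused too.
# pht and phar are included because some PHP handler configurations map them.
<FilesMatch "(?i)\.(php|php3|php4|php5|php7|pht|phtml|phar|pl|py|jsp|asp|sh|cgi|rb|exe|dll|msi)">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
  </IfModule>
</FilesMatch>

# Deny requests whose file name contains a known web-shell or uploader name.
# This is a name heuristic only: it does not stop a renamed file and it also
# refuses innocent names containing these words (e.g. "seashell.jpg"). The
# extension rule above and the engine switch below are the primary controls.
<FilesMatch "(?i)(clone|shell|c99|r57|b374k|symlink|bypass|up\.php|upload\.php)">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
  </IfModule>
</FilesMatch>

# Disable PHP execution.
# php_flag exists only when PHP runs as an Apache module; without that module
# a bare php_flag line makes every request to this directory fail with a 500.
# The guards below apply the switch where it is available.
# NOTE(review): under PHP-FPM or CGI this setting does not apply, and
# execution has to be disabled in the server or pool configuration instead.
<IfModule mod_php.c>
  php_flag engine off
</IfModule>
<IfModule mod_php7.c>
  php_flag engine off
</IfModule>
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>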
