Options -Indexes

# Deny access by IP address
#order deny,allow
#deny from all
#allow from 12.12.12.12

# Deny access to admin system by IP address
#RewriteCond %{REQUEST_URI} ^.*/admin.*$ [NC]
#RewriteCond %{REMOTE_ADDR} !^12.12.12.12$
#RewriteRule ^.*$ - [F,L]

# Deny access by User Agent
#RewriteCond %{HTTP_USER_AGENT} ^.*(spider|bot|python).*$ [NC]
#RewriteRule ^.*$ - [F,L]

# Deny access by language
#RewriteCond %{HTTP:Accept-Language} !^(ja|en).*$ [NC]
#RewriteRule ^.*$ - [F,L]

# Deny access to dangerous files
RewriteCond %{REQUEST_URI} (\.env|vendor|phpunit|\.git|\.sql|\.bak|\.ini|\.cgi|\.py) [NC]
RewriteRule ^ - [F,L]

# Deny any URI that contains wp-admin, wp-includes, or wp-content
RewriteCond %{REQUEST_URI} (wp-admin|wp-includes|wp-content) [NC]
RewriteRule ^ - [F,L]

# Deny access to all .php files except index.php and test_pi.php
RewriteCond %{REQUEST_URI} \.php$ [NC]
RewriteCond %{REQUEST_URI} !/(index|test_pi)\.php$ [NC]
RewriteRule ^ - [F,L]

# Deny access to well-known files
RewriteRule ^\.well-known/ - [R=404,L]

<IfModule mod_headers.c>
	Header always set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
	Header always set Pragma "no-cache"
	Header always set Expires 0
</IfModule>

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule ^ index.php [L]
</IfModule>
