# BEGIN HMWP_RULES
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/d0f4711431/(.*) /wp-content/plugins/hide-my-wp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/3e9ee27a62/(.*) /wp-content/plugins/disable-comments/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/ccc473c329/(.*) /wp-content/plugins/elementor-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/f65f29574d/(.*) /wp-content/plugins/elementor/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/53f3e6e6ea/(.*) /wp-content/plugins/loginpress/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/e8b12f0df8/(.*) /wp-content/plugins/ocean-elementor-widgets/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/a36fd26bce/(.*) /wp-content/plugins/ocean-extra/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/a6518c5513/(.*) /wp-content/plugins/ocean-social-sharing/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/7d2c21aa54/(.*) /wp-content/plugins/ocean-sticky-header/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/7ac87f794b/(.*) /wp-content/plugins/really-simple-ssl-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/f9e2c7db84/(.*) /wp-content/plugins/really-simple-ssl/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/5f535e89d2/(.*) /wp-content/plugins/wordfence/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/f9c7f63a6a/(.*) /wp-content/plugins/wordpress-seo/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/c923cd7bba/(.*) /wp-content/plugins/wp-mail-smtp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/fe60a4e968/(.*) /wp-content/plugins/wp-super-cache/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/067a15d05a/(.*) /wp-content/plugins/wpforms-lite/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/(.*) /wp-content/plugins/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/158994cc0c/design.css$ /wp-content/themes/oceanwp/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/158994cc0c/(.*) /wp-content/themes/oceanwp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/6ca4266385/design.css$ /wp-content/themes/twentynineteen/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/6ca4266385/(.*) /wp-content/themes/twentynineteen/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/51a12ba5b2/design.css$ /wp-content/themes/twentytwentyfour/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/51a12ba5b2/(.*) /wp-content/themes/twentytwentyfour/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/(.*) /wp-content/themes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?storage/(.*) /wp-content/uploads/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/(.*) /wp-content/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lib/(.*) /wp-includes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?comments/(.*) /wp-comments-post.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?writer/(.*) /author/$2 [QSA,L]
</IfModule>


# END HMWP_RULES
# BEGIN HMWP_VULNERABILITY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/wp-admin [NC]
RewriteCond %{QUERY_STRING} ^author=\d+ [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_headers.c>
Header always unset x-powered-by
Header always unset server
ServerSignature Off
</IfModule>

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=15768000;includeSubdomains"
Header set Content-Security-Policy "object-src 'none'"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|hmwp_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} ^/wp-content/$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-content/[^\.]+/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/plugins/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/themes/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock)    [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/uploads/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes(/.*)? [NC,OR]
RewriteCond %{THE_REQUEST} /([_0-9a-zA-Z-]+/)?(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>


# END HMWP_VULNERABILITY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

#Begin Really Simple Security
Options -Indexes
#End Really Simple Security
# BEGIN WordPress
# Les directives (lignes) entre « BEGIN WordPress » et « END WordPress » sont générées
# dynamiquement, et doivent être modifiées uniquement via les filtres WordPress.
# Toute modification des directives situées entre ces marqueurs sera surchargée.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>
# END Wordfence WAF
