.htaccess

# .htaccess for WordPress Plugins Overview

# DOMAIN AND SUBDOMAIN REWRITE
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /

	RewriteCond %{REMOTE_ADDR} !127.0.0.1
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

# SET MIME TYPES according to file extension
<IfModule mod_mime.c>
	AddType application/json .json
	AddType text/css .css
	AddType text/csv .csv
	AddType text/html .html .htm .php
	AddType text/javascript	.js
</IfModule>
	
# SET EXPIRES HEADERS
<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresDefault "access plus 1 week"

	# CSS and Javascript
	ExpiresByType text/css "access plus 1 year"	
	ExpiresByType text/javascript "access plus 1 year"
	
	# HTML documents, Feeds
	ExpiresByType text/html "access plus 0 seconds"
	
	# Data
	ExpiresByType application/json "access plus 2 seconds"
</IfModule>

# SET HEADERS FOR CACHING / SECURITY
<IfModule mod_headers.c>
	# SET HEADERS FOR CACHING
	Header always unset ETag
	FileETag None
	Header append Vary Accept-Encoding
	Header always unset Cache-Control
	Header merge Cache-Control "public, must-revalidate, proxy-revalidate"
	
	# SET HEADERS FOR SECURITY
	Header set Strict-Transport-Security "max-age=63072000; preload"

	Header set X-Content-Type-Options "nosniff"
	Header set X-Frame-Options "deny"
	Header set X-XSS-Protection "1; mode=block"

	Header set Content-Security-Policy "default-src 'self'"
	Header set Permissions-Policy "geolocation=()"
	Header set Referrer-Policy same-origin

	# Remove server information
	Header set Server ""
	Header always unset Server
	
	# Remove PHP version etc.
	Header set X-Powered-By ""
	Header always unset X-Powered-By
</IfModule>

# ENABLE GZIP COMPRESSION
<IfModule mod_deflate.c>
	SetOutputFilter DEFLATE
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>


# DISABLE THE SERVER SIGNATURE
	ServerSignature Off

# DISALLOW ACCESS TO PRIVATE FILES
<files config.php>
	<IfModule mod_authz_core.c>
	    Require all denied
	</IfModule>
	<IfModule !mod_authz_core.c>
    	Order allow,deny
    	Deny from all
	</IfModule>
</files>
<files config.sample.php>
	<IfModule mod_authz_core.c>
	    Require all denied
	</IfModule>
	<IfModule !mod_authz_core.c>
    	Order allow,deny
    	Deny from all
	</IfModule>
</files>
<files functions.php>
	<IfModule mod_authz_core.c>
	    Require all denied
	</IfModule>
	<IfModule !mod_authz_core.c>
    	Order allow,deny
    	Deny from all
	</IfModule>
</files>