


# ====================== PRINCE PROPERTY SMART SECURITY ======================
Options -Indexes

# 1. Protect Sensitive Files
<FilesMatch "^(wp-config\.php|\.htaccess|readme\.html|license\.txt)">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# ====================== WEBP + CACHING + GZIP ======================

# WebP Serving
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTP_ACCEPT} image/webp
  RewriteCond %{REQUEST_FILENAME} \.(jpe?g|png)$
  RewriteCond %{REQUEST_FILENAME}\.webp -f
  RewriteRule ^ %{REQUEST_URI}.webp [T=image/webp,L]
</IfModule>

# Vary Header for WebP
<IfModule mod_headers.c>
  <FilesMatch "\.(jpe?g|png)$">
    Header append Vary Accept
  </FilesMatch>
</IfModule>

# Browser Caching
<IfModule mod_headers.c>
  <FilesMatch "\.(webp|jpg|jpeg|png|gif|svg|ico)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>
  <FilesMatch "\.(css|js)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>
  <FilesMatch "\.(woff2|woff|ttf|eot)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>
</IfModule>

# GZIP Compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/css
  AddOutputFilterByType DEFLATE application/javascript application/json
  AddOutputFilterByType DEFLATE image/svg+xml font/woff font/woff2
  AddOutputFilterByType DEFLATE text/xml application/xml
</IfModule>

# ====================== PRINCE PROPERTY SECURITY RULES ======================

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # A. EXEMPTIONS: Allow static assets to load always
    RewriteCond %{REQUEST_URI} \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ [NC]
    RewriteRule ^ - [L]

    # B. SECRET DOOR: /myadmin -> login with key
    RewriteRule ^myadmin/?$ /wp-login.php?access=prince [R,L]

    # C. THE LOGGED-IN PASS: If user has a WP cookie, let them access admin/login
    RewriteCond %{HTTP_COOKIE} wordpress_logged_in_ [NC]
    RewriteRule ^(wp-admin|wp-login\.php) - [L]

    # D. THE KEY PASS: Allow access if the secret key is present (for logging in)
    RewriteCond %{QUERY_STRING} access=prince [OR]
    RewriteCond %{REQUEST_METHOD} POST
    RewriteRule ^wp-login\.php - [L]

    # E. THE BLOCK: If NOT logged in AND NO secret key, kick to home
    RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_ [NC]
    RewriteCond %{REQUEST_URI} ^/(wp-login\.php|wp-admin)
    RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php
    RewriteCond %{QUERY_STRING} !access=prince
    RewriteRule ^(.*)$ / [R=302,L]

    # F. Standard WordPress rules
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BEGIN cPanel-generated php ini directives, do not edit
<IfModule php8_module>
   php_flag display_errors Off
   php_value max_execution_time 259200
   php_value max_input_time 259200
   php_value max_input_vars 7000
   php_value memory_limit 512M
   php_value post_max_size 516M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php83"
   php_value upload_max_filesize 512M
   php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors Off
   php_value max_execution_time 259200
   php_value max_input_time 259200
   php_value max_input_vars 7000
   php_value memory_limit 512M
   php_value post_max_size 516M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php83"
   php_value upload_max_filesize 512M
   php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
