# BEGIN iThemes Security - Diese Zeile nicht verändern oder entfernen
# iThemes Security Config Details: 2
	# Systemdateien schützen - Sicherheit > Einstellungen > Systemoptimierungen > Systemdateien
	<files .htaccess>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.html>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.txt>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files wp-config.php>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>

	# Verzeichnisse durchsuchen deaktivieren - Sicherheit > Einstellungen > Systemoptimierungen > Verzeichnisse durchsuchen
	Options -Indexes

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Systemdateien schützen - Sicherheit > Einstellungen > Systemoptimierungen > Systemdateien
		RewriteRule ^wp-admin/install\.php$ - [F]
		RewriteRule ^wp-admin/includes/ - [F]
		RewriteRule !^wp-includes/ - [S=3]
		RewriteRule ^wp-includes/[^/]+\.php$ - [F]
		RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
		RewriteRule ^wp-includes/theme-compat/ - [F]
		RewriteCond %{REQUEST_FILENAME} -f
		RewriteRule (^|.*/)\.(git|svn)/.* - [F]

		# PHP unter Uploads deaktivieren - Sicherheit > Einstellungen > Systemoptimierungen > PHP unter Uploads
		RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# PHP unter Plugins deaktivieren - Sicherheit > Einstellungen > Systemoptimierungen > PHP unter Plugins
		RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# PHP unter Themes deaktivieren - Sicherheit > Einstellungen > Systemoptimierungen > PHP unter Themes
		RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
	</IfModule>
# END iThemes Security - Diese Zeile nicht verändern oder entfernen

# BEGIN WP Hide & Security Enhancer
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteBase / 
#WriteCheckString:1756038707_73340
RewriteRule ^rewrite_test_1756038707_73340/? /wp-content/plugins/wp-hide-security-enhancer/include/rewrite-confirm.php [L,QSA]
RewriteRule ^rewrite_test_static_file_1756038707_73340/? /wp-content/plugins/wp-hide-security-enhancer/composer.json [L,QSA]

RewriteRule ^design/theme.css /wp-content/themes/Divi/style.css [L,QSA]

RewriteRule ^design-child/theme-child.css /wp-content/themes/child-theme/style.css [L,QSA]

RewriteRule ^design-child/(.+) /wp-content/themes/child-theme/$1 [L,QSA]

RewriteRule ^design/(.+) /wp-content/themes/Divi/$1 [L,QSA]

RewriteRule ^lang/(.+) /wp-content/plugins/polylang/$1 [L,QSA]
RewriteRule ^acc/(.+) /wp-content/plugins/accessibility-widget/$1 [L,QSA]
RewriteRule ^sec/(.+) /wp-content/plugins/better-wp-security/$1 [L,QSA]
RewriteRule ^blc/(.+) /wp-content/plugins/broken-link-checker/$1 [L,QSA]
RewriteRule ^cookie/(.+) /wp-content/plugins/cookie-law-info/$1 [L,QSA]
RewriteRule ^dupli/(.+) /wp-content/plugins/duplicator/$1 [L,QSA]
RewriteRule ^dupli/(.+) /wp-content/plugins/duplicator/$1 [L,QSA]
RewriteRule ^mon/(.+) /wp-content/plugins/monarch/$1 [L,QSA]
RewriteRule ^forms/(.+) /wp-content/plugins/ninja-forms/$1 [L,QSA]
RewriteRule ^wa/(.+) /wp-content/plugins/pojo-accessibility/$1 [L,QSA]
RewriteRule ^rupurem/(.+) /wp-content/plugins/wordfence/$1 [L,QSA]
RewriteRule ^saburoj/(.+) /wp-content/plugins/wordpress-seo/$1 [L,QSA]
RewriteRule ^vetapod/(.+) /wp-content/plugins/wp-smushit/$1 [L,QSA]
RewriteRule ^gedogil/(.+) /wp-content/plugins/wp-super-cache/$1 [L,QSA]
RewriteRule ^addons/(.+) /wp-content/plugins/$1 [L,QSA]

RewriteRule ^gipefal/(.+) /wp-content/uploads/$1 [L,QSA]

RewriteRule ^xmlrpc.php - [R=404]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^license.txt /index.php?wph-throw-404 [L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^readme.html /index.php?wph-throw-404 [L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^wp-activate.php /index.php?wph-throw-404 [L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^wp-signup.php /index.php?wph-throw-404 [L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^wp-register.php /index.php?wph-throw-404 [L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !wp-activate.php [NC]
RewriteCond %{REQUEST_FILENAME} !wp-cron.php [NC]
RewriteCond %{REQUEST_FILENAME} !wp-signup.php [NC]
RewriteCond %{REQUEST_FILENAME} !wp-register.php [NC]
RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]
RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]
RewriteRule ^wp-([a-z-])+.php /index.php?wph-throw-404 [L]

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP:Authorization} ^$ [NC]
RewriteRule ^wp-json(.+) /index.php?wph-throw-404 [L]

RewriteRule ^tilajir.php /wp-comments-post.php [L,QSA]
RewriteCond %{QUERY_STRING} author=\d+
RewriteRule ^ /index.php?wph-throw-404 [L]
</IfModule> 

# END WP Hide & Security Enhancer

# This file was updated by Duplicator on 2025-04-04 14:37:54.
# See the original_files_ folder for the original source_site_htaccess file.
# BEGIN WordPress
# Die Anweisungen (Zeilen) zwischen „BEGIN WordPress“ und „END WordPress“ sind
# dynamisch generiert und sollten nur über WordPress-Filter geändert werden.
# Alle Änderungen an den Anweisungen zwischen diesen Markierungen werden überschrieben.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress