<IfModule mod_rewrite.c> RewriteEngine On # Force HTTPS RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Remove www (optional — delete these 3 lines if you want to keep www) # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301] # Block access to sensitive directories RewriteRule ^(application|system|vendor)(/|$) - [F,L] # Block access to hidden files (.env, .git, etc.) RewriteRule (^\.|/\.) - [F,L] # Allow existing files and directories to be served directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Route everything else through index.php RewriteRule ^(.*)$ index.php?/$1 [L] </IfModule> <IfModule !mod_rewrite.c> ErrorDocument 404 /index.php </IfModule> # Disable directory listing Options -Indexes # Protect .env from direct access <Files ".env"> Order allow,deny Deny from all </Files> # PHP settings for production <IfModule mod_php.c> php_flag display_errors Off php_flag log_errors On php_value upload_max_filesize 64M php_value post_max_size 64M php_value max_execution_time 300 php_value memory_limit 256M </IfModule> # php -- BEGIN cPanel-generated handler, do not edit # Set the “ea-php82” package as the default “PHP” programming language. <IfModule mime_module> AddHandler application/x-httpd-ea-php82 .php .php8 .phtml </IfModule> # php -- END cPanel-generated handler, do not edit