# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# Protect against direct access to sensitive files
RewriteRule ^wp-config.php - [F]

# WordPress main rules
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


# BEGIN WebP Support
<IfModule mod_mime.c>
    AddType image/webp .webp
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On

# Serve WebP images if supported
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_FILENAME} (.+)\.(jpe?g|png)$
RewriteCond %{REQUEST_FILENAME}.webp -f
RewriteRule ^(.+)\.(jpe?g|png)$ $1.$2.webp [T=image/webp,E=webp,L]

</IfModule>

# Set proper headers
<IfModule mod_headers.c>
    <FilesMatch "\.(jpe?g|png)$">
        Header append Vary Accept
    </FilesMatch>
</IfModule>
# END WebP Support


# BEGIN Basic Security
# Disable directory listing
Options -Indexes

# Block .htaccess access
<Files ".htaccess">
    Require all denied
</Files>

# Block common sensitive files
<FilesMatch "(^\.|wp-config\.php|composer\.json|composer\.lock)">
    Require all denied
</FilesMatch>
# END Basic Security