bcreeves · April 30, 2019 18:49
diff --git a/.htaccess b/.htaccess
 # Block wp-config access
 <files wp-config.php>
    order allow,deny
    deny from all
 </files>

 # Block the include-only files.
 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>

 # Block WordPress xmlrpc.php requests
 <Files xmlrpc.php>
    order deny,allow
    deny from all
 </Files>

 <IfModule mod_rewrite.c>
    RewriteEngine on

    # Remove www
 	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

    # Add www
    # RewriteCond %{HTTP_HOST} !^www\.
    # RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

    # Force SSL
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </IfModule>
	# Block wp-config access
	<files wp-config.php>
	order allow,deny
	deny from all
	</files>

	# Block the include-only files.
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	# Block WordPress xmlrpc.php requests
	<Files xmlrpc.php>
	order deny,allow
	deny from all
	</Files>

	<IfModule mod_rewrite.c>
	RewriteEngine on

	# Remove www
	RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
	RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

	# Add www
	# RewriteCond %{HTTP_HOST} !^www\.
	# RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

	# Force SSL
	RewriteCond %{HTTPS} !=on [NC]
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	</IfModule>