# Security: Prevent PHP execution in this directory
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# For Apache 2.4+
<IfModule mod_authz_core.c>
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</IfModule>

# Block access to hidden files
<FilesMatch "^\.">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Disable script execution
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .cgi .sh .bash

# Set content type headers for images only
<IfModule mod_headers.c>
    <FilesMatch "\.(gif|png|jpe?g|webp)$">
        Header set X-Content-Type-Options "nosniff"
    </FilesMatch>
</IfModule>
