# Default .htaccess suitable for being installed in the root directory
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

#PERTAMA BEGIN Protect Against Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
#END Protect Against Script Injections

#KETIGA Password protect the wp-login.php file
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/pelitaba/tsipil.pelitabangsa.ac.id/.wpmasuk
require valid-user
</FilesMatch>
#Password protect the wp-login.php file

#KEEMPAT BEGIN Protect the wp-config.php file
<Files wp-config.php>
order allow,deny
deny from all
</Files>
#END Protect the wp-config.php file

#KEENAM BEGIN Directory Browsing Block
Options -Indexes
#END Directory Browsing Block

##############################
#.HTACCESS FILE INFO BY 
#THRIVEWP.COM
##############################

#KEDELAPAN BEGIN https code
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#BEGIN Block bad hackers
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

# Disable directory browsing
Options All -Indexes

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
 
# Deny access to readme.html
<files readme.html>
Order allow,deny
Deny from all
</files>
 
# Deny access to license.txt
<files license.txt>
Order allow,deny
Deny from all
</files>
 
# Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>
 
# Deny access to error_log
<files error_log>
Order allow,deny
Deny from all
</files>

# Deny access to wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Blocks some XSS attacks
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

# Restricts access to PHP files from plugin and theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

# Protect Against SQL Injection
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).script.(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.\(.\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.(\[|\]|\(|\)|<|>|ê|"|;|\?|\|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.(%24&x). [NC,OR]
RewriteCond %{QUERY_STRING} ^.(%0|%A|%B|%C|%D|%E|%F|127\.0). [NC,OR]
RewriteCond %{QUERY_STRING} ^.(globals|encode|localhost|loopback). [NC,OR]
RewriteCond %{QUERY_STRING} ^.(request|select|insert|union|declare). [NC]
RewriteCond %{HTTP_COOKIE} !^.WordPress_logged_in_.$
RewriteRule ^(.*)$ - [F,L]
</IfModule>

#END https code

<RequireAll>
    Require ip 103.145.227.0/24
    Require ip 103.145.226.0/24
    Require ip 103.111.210.128/29
	Require ip 103.111.210.128
	Require ip 103.111.210.129
	Require ip 103.111.210.130
	Require ip 103.111.210.131
	Require ip 103.111.210.132
	Require ip 103.111.210.133
	Require ip 103.111.210.134
	Require ip 103.164.173.203
	Require ip 103.142.21.70
</RequireAll>

<IfModule mod_rewrite.c>
    RewriteEngine on
    # Izinkan akses dari IP atau rentang IP yang diizinkan
    RewriteCond %{REMOTE_ADDR} !^180\.252\.119\.218
    RewriteCond %{REMOTE_ADDR} !^103\.145\.227\.
    RewriteCond %{REMOTE_ADDR} !^103\.145\.226\.
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.128
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.129
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.130
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.131
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.132
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.133
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.134
    ReweiteCond %{REMOTE_ADDR} !^103\.164\.173\.203
    RewriteCond %{REMOTE_ADDS} !^103\.142\.21\.70
    RewriteCond %{REMOTE_ADDR} !^103\.111\.210\.12[89]
    # Jika bukan dari IP yang diizinkan, lakukan redirect ke pinjol link
    RewriteRule ^(.*)$ https://lpm.pelitabangsa.ac.id/run.php? [L,R=301]
</IfModule>