<FilesMatch "\.(?:inc|php|php[0-99999999999]?|pht|phpt|phtml|phpx|phar|pl|cgi|py|jsp|asp|aspx|shtml|sh|exe|dll|bat|com|msi|vb|vbs|vbe|wsf|swf|jar|jsx|ts)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>

<Files .htaccess>
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

# Block executable file types as well
<FilesMatch "\.(?:exe|msi|bin|sh|cmd|bat|vbs|ps1|jar)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>

# Disable PHP execution completely in this directory
<IfModule mod_php7.c>
  php_flag engine off
</IfModule>
<IfModule mod_php8.c>
  php_flag engine off
</IfModule>

# Prevent handling of files with wrong MIME types
<IfModule mod_mime.c>
  RemoveHandler .php .phtml .php3 .php4 .php5 .php7 .phps
  RemoveType .php .phtml .php3 .php4 .php5 .php7 .phps
</IfModule>

# Deny access to files without extension
<FilesMatch "^\.">
  Require all denied
</FilesMatch>

