# Disable directory listing
Options -Indexes

# Block access to .htaccess file itself
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

# Block direct access to config.php
<Files config.php>
    Order allow,deny
    Deny from all
</Files>

# Optional: Block access to other sensitive files (edit as needed)
<FilesMatch "^(composer\.json|composer\.lock|env|readme\.md)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Prevent access to hidden files like .git
RedirectMatch 404 /\.git

# Allow public access to these files
<FilesMatch "^(login\.php|register\.php|dashboard\.php|logout\.php|admin\.php)$">
    Order allow,deny
    Allow from all
</FilesMatch>
