# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
	# Ban Hosts - Security > Settings > Banned Users
	SetEnvIF REMOTE_ADDR "^163\.53\.145\.7$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^163\.53\.145\.7$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^163\.53\.145\.7$" DenyAccess

	SetEnvIF REMOTE_ADDR "^112\.206\.73\.173$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^112\.206\.73\.173$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^112\.206\.73\.173$" DenyAccess

	SetEnvIF REMOTE_ADDR "^183\.171\.105\.187$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^183\.171\.105\.187$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^183\.171\.105\.187$" DenyAccess

	SetEnvIF REMOTE_ADDR "^136\.158\.40\.234$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^136\.158\.40\.234$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^136\.158\.40\.234$" DenyAccess

	SetEnvIF REMOTE_ADDR "^4\.233\.112\.111$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^4\.233\.112\.111$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^4\.233\.112\.111$" DenyAccess

	SetEnvIF REMOTE_ADDR "^46\.217\.232\.3$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^46\.217\.232\.3$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^46\.217\.232\.3$" DenyAccess

	SetEnvIF REMOTE_ADDR "^178\.222\.18\.42$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^178\.222\.18\.42$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^178\.222\.18\.42$" DenyAccess

	SetEnvIF REMOTE_ADDR "^177\.136\.194\.35$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^177\.136\.194\.35$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^177\.136\.194\.35$" DenyAccess

	SetEnvIF REMOTE_ADDR "^102\.67\.253\.251$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^102\.67\.253\.251$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^102\.67\.253\.251$" DenyAccess

	SetEnvIF REMOTE_ADDR "^161\.35\.76\.208$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^161\.35\.76\.208$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^161\.35\.76\.208$" DenyAccess

	SetEnvIF REMOTE_ADDR "^82\.196\.25\.184$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^82\.196\.25\.184$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^82\.196\.25\.184$" DenyAccess

	SetEnvIF REMOTE_ADDR "^168\.119\.81\.82$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^168\.119\.81\.82$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^168\.119\.81\.82$" DenyAccess

	SetEnvIF REMOTE_ADDR "^143\.42\.190\.204$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^143\.42\.190\.204$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^143\.42\.190\.204$" DenyAccess

	SetEnvIF REMOTE_ADDR "^122\.186\.76\.162$" DenyAccess
	SetEnvIF X-FORWARDED-FOR "^122\.186\.76\.162$" DenyAccess
	SetEnvIF X-CLUSTER-CLIENT-IP "^122\.186\.76\.162$" DenyAccess

	<IfModule mod_authz_core.c>
		<RequireAll>
			Require all granted
			Require not env DenyAccess
			Require not ip 163.53.145.7
			Require not ip 112.206.73.173
			Require not ip 183.171.105.187
			Require not ip 136.158.40.234
			Require not ip 4.233.112.111
			Require not ip 46.217.232.3
			Require not ip 178.222.18.42
			Require not ip 177.136.194.35
			Require not ip 102.67.253.251
			Require not ip 161.35.76.208
			Require not ip 82.196.25.184
			Require not ip 168.119.81.82
			Require not ip 143.42.190.204
			Require not ip 122.186.76.162
		</RequireAll>
	</IfModule>
	<IfModule !mod_authz_core.c>
		Order allow,deny
		Allow from all
		Deny from env=DenyAccess
		Deny from 163.53.145.7
		Deny from 112.206.73.173
		Deny from 183.171.105.187
		Deny from 136.158.40.234
		Deny from 4.233.112.111
		Deny from 46.217.232.3
		Deny from 178.222.18.42
		Deny from 177.136.194.35
		Deny from 102.67.253.251
		Deny from 161.35.76.208
		Deny from 82.196.25.184
		Deny from 168.119.81.82
		Deny from 143.42.190.204
		Deny from 122.186.76.162
	</IfModule>

	# Protect System Files - Security > Settings > System Tweaks > System Files
	<files .htaccess>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.html>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.txt>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files wp-config.php>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>

	# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
	Options -Indexes

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Protect System Files - Security > Settings > System Tweaks > System Files
		RewriteRule ^wp-admin/install\.php$ - [F]
		RewriteRule ^wp-admin/includes/ - [F]
		RewriteRule !^wp-includes/ - [S=3]
		RewriteRule ^wp-includes/[^/]+\.php$ - [F]
		RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
		RewriteRule ^wp-includes/theme-compat/ - [F]
		RewriteCond %{REQUEST_FILENAME} -f
		RewriteRule (^|.*/)\.(git|svn)/.* - [F]

		# Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
		RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
		RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
		RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
	</IfModule>
# END iThemes Security - Do not modify or remove this line

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /hinopak/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /hinopak/index.php [L]
</IfModule>

# END WordPress



# BEGIN Headers Security Advanced & HSTS WP 5.2.5
<IfModule mod_headers.c>
Header set Access-Control-Allow-Methods "GET,POST"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
Header set Content-Security-Policy "upgrade-insecure-requests;"
Header set Cross-Origin-Embedder-Policy "unsafe-none; report-to='default'"
Header set Cross-Origin-Embedder-Policy-Report-Only "unsafe-none; report-to='default'"
Header set Cross-Origin-Opener-Policy "unsafe-none"
Header set Cross-Origin-Opener-Policy-Report-Only "unsafe-none; report-to='default'"
Header set Cross-Origin-Resource-Policy "cross-origin"
Header set Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Strict-Transport-Security "max-age=63072000"
Header set X-Content-Security-Policy "default-src 'self'; img-src *; media-src * data:;"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
# END Headers Security Advanced & HSTS WP
