RewriteEngine On

########################################
# 🚫 BLOCK ALL BOTS SCANNING FOR NON-EXISTENT PHP FILES
########################################
# If a .php request targets a file that does not exist -> return 403
RewriteCond %{REQUEST_URI} \.php$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* - [F,L]

########################################
# 🚫 BLOCK .ENV, vendor
########################################
RewriteRule (^|/)\.env - [F,L]
RewriteRule ^vendor/ - [F,L]

# Block the REST API user listing (matches only the exact path /wp-json/wp/v2/users)
RewriteCond %{REQUEST_URI} ^/wp-json/wp/v2/users$ [NC]
RewriteRule .* - [F,L]

########################################
# BLOCK BAD BOTS
########################################
# Matches on the client-supplied User-Agent header; Googlebot and Bingbot are exempt
RewriteCond %{HTTP_USER_AGENT} (curl|wget|python|scrapy|httpclient|aiohttp|okhttp|java|node-fetch|go-http-client|postmanruntime|axios|sqlmap|nikto|libwww-perl|perl|headless|puppeteer) [NC]
RewriteCond %{HTTP_USER_AGENT} !Googlebot [NC]
RewriteCond %{HTTP_USER_AGENT} !Bingbot [NC]
RewriteRule .* - [F,L]

########################################
# BLOCK NON-VN FOR ADMIN (SAFE)
########################################
# 403 for wp-login.php and /wp-admin/ unless the client address starts with one of the prefixes below.
# [OR] joins only the two REQUEST_URI conditions; every REMOTE_ADDR condition is ANDed with that pair.
RewriteCond %{REQUEST_URI} ^/wp-login\.php$ [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin(/.*)?$
RewriteCond %{REMOTE_ADDR} !^14\.
RewriteCond %{REMOTE_ADDR} !^27\.
RewriteCond %{REMOTE_ADDR} !^42\.
RewriteCond %{REMOTE_ADDR} !^49\.
RewriteCond %{REMOTE_ADDR} !^58\.(8|14|16|18|22|23|186|187)\.
RewriteCond %{REMOTE_ADDR} !^59\.153\.
RewriteCond %{REMOTE_ADDR} !^101\.96\.
RewriteCond %{REMOTE_ADDR} !^103\.
RewriteCond %{REMOTE_ADDR} !^113\.
RewriteCond %{REMOTE_ADDR} !^115\.
RewriteCond %{REMOTE_ADDR} !^116\.96\.
RewriteCond %{REMOTE_ADDR} !^117\.
RewriteCond %{REMOTE_ADDR} !^118\.69\.
RewriteCond %{REMOTE_ADDR} !^119\.
RewriteCond %{REMOTE_ADDR} !^120\.72\.
RewriteCond %{REMOTE_ADDR} !^125\.212\.
RewriteCond %{REMOTE_ADDR} !^171\.
RewriteCond %{REMOTE_ADDR} !^175\.
RewriteCond %{REMOTE_ADDR} !^180\.
RewriteCond %{REMOTE_ADDR} !^183\.
RewriteCond %{REMOTE_ADDR} !^203\.
RewriteRule ^ - [F,L]

########################################
# WORDPRESS PERMALINKS
########################################
# Pass the Authorization header through to PHP
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Route every request that is not an existing file or directory to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]