#Begin Really Simple Auto Prepend File
<IfModule LiteSpeed>
php_value auto_prepend_file /home/sempreg/public_html/wp-content/advanced-headers.php
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file /home/sempreg/public_html/wp-content/advanced-headers.php
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#End Really Simple Auto Prepend File

# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule litespeed/debug/.*\.log$ - [F,L]
RewriteRule \.litespeed_conf\.dat - [F,L]

### marker ASYNC start ###
RewriteCond %{REQUEST_URI} /wp-admin/admin-ajax\.php
RewriteCond %{QUERY_STRING} action=async_litespeed
RewriteRule .* - [E=noabort:1]
### marker ASYNC end ###

### marker MOBILE start ###
RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+ismobile]
### marker MOBILE end ###

### marker CORS start ###
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font\.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
### marker CORS end ###

### marker WEBP start ###
RewriteCond %{HTTP_ACCEPT} image/webp [OR]
RewriteCond %{HTTP_USER_AGENT} iPhone\ OS\ (1[4-9]|[2-9][0-9]) [OR]
RewriteCond %{HTTP_USER_AGENT} Firefox/([6-9][0-9]|[1-9][0-9]{2,})
RewriteRule .* - [E=Cache-Control:vary=%{ENV:LSCACHE_VARY_VALUE}+webp]
### marker WEBP end ###

### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###

</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
### marker BROWSER CACHE start ###
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType application/pdf A31557600
ExpiresByType image/x-icon A31557600
ExpiresByType image/vnd.microsoft.icon A31557600
ExpiresByType image/svg+xml A31557600

ExpiresByType image/jpg A31557600
ExpiresByType image/jpeg A31557600
ExpiresByType image/png A31557600
ExpiresByType image/gif A31557600
ExpiresByType image/webp A31557600
ExpiresByType image/avif A31557600

ExpiresByType video/ogg A31557600
ExpiresByType audio/ogg A31557600
ExpiresByType video/mp4 A31557600
ExpiresByType video/webm A31557600

ExpiresByType text/css A31557600
ExpiresByType text/javascript A31557600
ExpiresByType application/javascript A31557600
ExpiresByType application/x-javascript A31557600

ExpiresByType application/x-font-ttf A31557600
ExpiresByType application/x-font-woff A31557600
ExpiresByType application/font-woff A31557600
ExpiresByType application/font-woff2 A31557600
ExpiresByType application/vnd.ms-fontobject A31557600
ExpiresByType font/ttf A31557600
ExpiresByType font/otf A31557600
ExpiresByType font/woff A31557600
ExpiresByType font/woff2 A31557600

</IfModule>
### marker BROWSER CACHE end ###

## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE

RewriteOptions inherit

<IfModule mod_rewrite.c>
# protect from sql injection
	Options +FollowSymLinks
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
	RewriteRule ^(.*)$ index.php [F,L]
</IfModule>

# disable directory browsing
Options All -Indexes

# protect wp-config.php
<files wp-config.php>
	Order deny,allow
	Deny from all
</files>

# BEGIN Speed Booster Pack
# SBP 4.5.8.1

# Character encodings
AddDefaultCharset utf-8

# ETags
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None

# Compression
<IfModule mod_deflate.c>
	<IfModule mod_setenvif.c>
		<IfModule mod_headers.c>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		</IfModule>
	</IfModule>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE "application/atom+xml" \
									  "application/javascript" \
									  "application/json" \
									  "application/ld+json" \
									  "application/manifest+json" \
									  "application/rdf+xml" \
									  "application/rss+xml" \
									  "application/schema+json" \
									  "application/geo+json" \
									  "application/vnd.ms-fontobject" \
									  "application/wasm" \
									  "application/x-font-ttf" \
									  "application/x-javascript" \
									  "application/x-web-app-manifest+json" \
									  "application/xhtml+xml" \
									  "application/xml" \
									  "font/eot" \
									  "font/opentype" \
									  "font/otf" \
									  "font/ttf" \
									  "image/bmp" \
									  "image/svg+xml" \
									  "image/vnd.microsoft.icon" \
									  "image/x-icon" \
									  "text/cache-manifest" \
									  "text/calendar" \
									  "text/css" \
									  "text/html" \
									  "text/javascript" \
									  "text/plain" \
									  "text/markdown" \
									  "text/vcard" \
									  "text/vnd.rim.location.xloc" \
									  "text/vtt" \
									  "text/x-component" \
									  "text/x-cross-domain-policy" \
									  "text/xml"
	</IfModule>
	<IfModule mod_mime.c>
		AddEncoding gzip			  svgz
	</IfModule>
</IfModule>

# Cache expiration
<IfModule mod_expires.c>

	ExpiresActive on

	# Default: Fallback
	ExpiresDefault									  "access plus 1 year"

	# Specific: Assets
	ExpiresByType image/vnd.microsoft.icon			  "access plus 1 week"
	ExpiresByType image/x-icon						  "access plus 1 week"

	# Specific: Manifests
	ExpiresByType application/manifest+json			 "access plus 1 week"
	ExpiresByType application/x-web-app-manifest+json   "access"
	ExpiresByType text/cache-manifest				   "access"

	# Specific: Data interchange
	ExpiresByType application/atom+xml				  "access plus 1 hour"
	ExpiresByType application/rdf+xml				   "access plus 1 hour"
	ExpiresByType application/rss+xml				   "access plus 1 hour"

	# Specific: Documents
	ExpiresByType text/html							 "access"
	ExpiresByType text/markdown						 "access"
	ExpiresByType text/calendar						 "access"

	# Specific: Other
	ExpiresByType text/x-cross-domain-policy			"access plus 1 week"

	# Generic: Data
	ExpiresByType application/json					  "access"
	ExpiresByType application/ld+json				   "access"
	ExpiresByType application/schema+json			   "access"
	ExpiresByType application/geo+json				  "access"
	ExpiresByType application/xml					   "access"
	ExpiresByType text/xml							  "access"

	# Generic: Assets
	ExpiresByType application/javascript			  "access plus 1 year"
	ExpiresByType application/x-javascript			"access plus 1 year"
	ExpiresByType text/javascript					 "access plus 1 year"
	ExpiresByType text/css							"access plus 1 year"

	# Generic: Medias
	ExpiresByType audio/*							 "access plus 1 year"
	ExpiresByType image/*							 "access plus 1 year"
	ExpiresByType video/*							 "access plus 1 year"
	ExpiresByType font/*							  "access plus 1 year"

</IfModule>

# Ported from: https://github.com/h5bp/server-configs-apache

# END Speed Booster Pack

# Wordfence WAF
<IfModule LiteSpeed>
	php_value auto_prepend_file '/home/sempreg/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
	php_value auto_prepend_file '/home/sempreg/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
	<IfModule mod_authz_core.c>
		Require all denied
	</IfModule>
	<IfModule !mod_authz_core.c>
		Order deny,allow
		Deny from all
	</IfModule>
</Files>

# END Wordfence WAF

# SOFTACULOUS Block xmlrpc
<files xmlrpc.php>
	Require all denied
</files>
# SOFTACULOUS Block xmlrpc End

# SOFTACULOUS Block .htaccess and .htpasswd
<FilesMatch ^(?i:\.ht.*)$>
	Require all denied
</FilesMatch>
# SOFTACULOUS Block .htaccess and .htpasswd End

# SOFTACULOUS Block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# SOFTACULOUS Block author scans End

# SOFTACULOUS Block directory browsing
Options -Indexes
# SOFTACULOUS Block directory browsing End

# SOFTACULOUS Block access sensitive files
<FilesMatch "^.*(((?:wp-config)\.(?:php|bak|swp))|php.ini|\.[hH][tT][aApP].*|((?:error_log|readme|license|changelog|-config|-sample)\.(?:php|md|log|txt|htm|html)))$">
	Require all denied
</FilesMatch>
# SOFTACULOUS Block access sensitive files End

# SOFTACULOUS Enable bot protection
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (?:virusbot|spambot|evilbot|acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests) [NC]
RewriteRule ^(.*)$ http://no.access/
# SOFTACULOUS Enable bot protection End

<Files 403.shtml>
	order allow,deny
	allow from all
</Files>

deny from 66.249.83.1
deny from 66.249.83.2/31

deny from 66.249.83.60

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://suite.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://suite.sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.suite.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.suite.sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://suite.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://suite.sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.sempreg.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.suite.sempreg.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.suite.sempreg.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
# BEGIN SBP_LS_CACHE
# Las directivas (líneas) entre «BEGIN SBP_LS_CACHE» y «END SBP_LS_CACHE» son
# generadas dinámicamente y solo deberían ser modificadas mediante filtros de WordPress.
# Cualquier cambio en las directivas que hay entre esos marcadores serán sobrescritas.
<IfModule LiteSpeed>
RewriteEngine On
CacheLookup On

## BEGIN Cache vary for logged in users
RewriteRule .? - [E="Cache-Vary:,wordpress_logged_in_96493527ba97d63e2acf92c54f460b08"]
## END Cache vary for logged in users

## BEGIN Cache vary for mobile browsers
RewriteCond %{HTTP_USER_AGENT} "Mobile|Android|Silk/|Kindle|BlackBerry|Opera Mini|Opera Mobi"
RewriteRule .* - [E=Cache-Control:vary=ismobile]
## END Cache vary for mobile browsers

## BEGIN Dropped Query Strings
CacheKeyModify -qs:name
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:gclsrc
CacheKeyModify -qs:utm_content
CacheKeyModify -qs:utm_term
CacheKeyModify -qs:utm_campaign
CacheKeyModify -qs:utm_medium
CacheKeyModify -qs:utm_source
CacheKeyModify -qs:utm_id
CacheKeyModify -qs:_ga
CacheKeyModify -qs:mc_cid
CacheKeyModify -qs:mc_eid
CacheKeyModify -qs:_bta_tid
CacheKeyModify -qs:_bta_c
CacheKeyModify -qs:trk_contact
CacheKeyModify -qs:trk_msg
CacheKeyModify -qs:trk_module
CacheKeyModify -qs:trk_sid
CacheKeyModify -qs:gdfms
CacheKeyModify -qs:gdftrk
CacheKeyModify -qs:gdffi
CacheKeyModify -qs:_ke
CacheKeyModify -qs:redirect_log_mongo_id
CacheKeyModify -qs:redirect_mongo_id
CacheKeyModify -qs:sb_referer_host
CacheKeyModify -qs:mkwid
CacheKeyModify -qs:pcrid
CacheKeyModify -qs:ef_id
CacheKeyModify -qs:s_kwcid
CacheKeyModify -qs:msclkid
CacheKeyModify -qs:dm_i
CacheKeyModify -qs:epik
CacheKeyModify -qs:pk_campaign
CacheKeyModify -qs:pk_kwd
CacheKeyModify -qs:pk_keyword
CacheKeyModify -qs:piwik_campaign
CacheKeyModify -qs:piwik_kwd
CacheKeyModify -qs:piwik_keyword
CacheKeyModify -qs:mtm_campaign
CacheKeyModify -qs:mtm_keyword
CacheKeyModify -qs:mtm_source
CacheKeyModify -qs:mtm_medium
CacheKeyModify -qs:mtm_content
CacheKeyModify -qs:mtm_cid
CacheKeyModify -qs:mtm_group
CacheKeyModify -qs:mtm_placement
CacheKeyModify -qs:matomo_campaign
CacheKeyModify -qs:matomo_keyword
CacheKeyModify -qs:matomo_source
CacheKeyModify -qs:matomo_medium
CacheKeyModify -qs:matomo_content
CacheKeyModify -qs:matomo_cid
CacheKeyModify -qs:matomo_group
CacheKeyModify -qs:matomo_placement
CacheKeyModify -qs:hsa_cam
CacheKeyModify -qs:hsa_grp
CacheKeyModify -qs:hsa_mt
CacheKeyModify -qs:hsa_src
CacheKeyModify -qs:hsa_ad
CacheKeyModify -qs:hsa_acc
CacheKeyModify -qs:hsa_net
CacheKeyModify -qs:hsa_kw
CacheKeyModify -qs:hsa_tgt
CacheKeyModify -qs:hsa_ver
CacheKeyModify -qs:_branch_match_id
## END Dropped Query Strings
</IfModule>
# END SBP_LS_CACHE
deny from 77.75.77.95
deny from 66.249.83.30/31
deny from 66.249.83.48/31
deny from 66.249.83.50

define('WP_MEMORY_LIMIT', '256M');

#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

#End Really Simple Security

# BEGIN WordPress
# Las directivas (líneas) entre «BEGIN WordPress» y «END WordPress» son
# generadas dinámicamente y solo deberían ser modificadas mediante filtros de WordPress.
# Cualquier cambio en las directivas que hay entre esos marcadores serán sobrescritas.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81___lsphp .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
