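# Apache per-directory configuration (.htaccess) for a PHP front controller.
# Each directive and each comment sits on its own line: Apache does not accept
# a comment on the same line as a directive.

# Disable automatic directory listings.
Options -Indexes

# ── Security headers ──────────────────────────────────────────
# These directives need mod_headers. Plain "Header set" is not applied to
# error responses Apache generates itself (for example the 403 from the
# config/ rule below); "Header always set" would cover those too.
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
# Legacy header: current browsers ignore X-XSS-Protection, so it adds no real
# protection. A Content-Security-Policy is the effective control.
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"

# Remove PHP version exposure
# NOTE(review): depending on the PHP handler this unset may not take effect;
# expose_php = Off in php.ini is the dependable way to drop the header.
Header unset X-Powered-By

# ── PHP settings for cPanel shared hosting ────────────────────
# php_flag / php_value are only understood when PHP runs as an Apache module.
# Under a CGI/FastCGI/PHP-FPM handler they make every request fail with a 500,
# and the same settings belong in php.ini or .user.ini instead.
# Keep error details out of responses and send them to the log.
php_flag display_errors Off
php_flag log_errors On
# CPANEL_USERNAME is a placeholder for the real account name. Keep the log
# directory outside the document root so the log cannot be downloaded.
php_value error_log /home/CPANEL_USERNAME/logs/xgrow_api_errors.log
php_value memory_limit 128M
php_value max_execution_time 30
# post_max_size must be at least upload_max_filesize for uploads of that size.
php_value upload_max_filesize 10M
php_value post_max_size 10M

# ── Deny access to config files ───────────────────────────────
# The deny directives need an enclosing <Files>/<FilesMatch> container. Without
# one, "Deny from all" applies to the whole directory and every request is
# refused. The container tags are missing from this copy of the file, so the
# pattern below is a constructed example: replace it with the project's real
# config file names or extensions.
<FilesMatch "\.(env|ini|conf|log|sql|bak)$">
    # Apache 2.4 and later: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: original access-control syntax.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# ── Route all requests through index.php ─────────────────────
# Left unguarded on purpose: if mod_rewrite is unavailable the request fails
# rather than silently skipping the config/ block below.
RewriteEngine On
RewriteBase /

# Block direct access to config/
# This rule runs before the file-exists checks, so existing files under
# config/ are refused as well.
RewriteRule ^config/ - [F,L]

# Pass actual files/dirs through
# Anything that exists on disk is served directly and never reaches index.php,
# so files that must not be public need their own deny rule or a location
# outside the document root.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Route everything else to index.php
RewriteRule ^(.*)$ index.php [QSA,L]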