# BEGIN HMWP_RULES
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^([_0-9a-zA-Z-]+/)?ajax$ /wp-admin/admin-ajax.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?newlogin$ /wp-login.php [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?newlogin/(.*) /wp-login.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lostpass$ /wp-login.php?action=lostpassword [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?register$ /wp-login.php?action=register [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/68f0c691b0/(.*) /wp-content/plugins/WPShapere/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/434b8996f4/(.*) /wp-content/plugins/classic-editor/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/fabe3a944a/(.*) /wp-content/plugins/classic-widgets/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/5186ba8c66/(.*) /wp-content/plugins/code-snippets/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/8516d2654f/(.*) /wp-content/plugins/contact-form-7/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/cb3ff6b907/(.*) /wp-content/plugins/contact-form-cfdb7/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/60f3e7b35f/(.*) /wp-content/plugins/duplicate-post/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/ccc473c329/(.*) /wp-content/plugins/elementor-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/f65f29574d/(.*) /wp-content/plugins/elementor/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/c006642256/(.*) /wp-content/plugins/filebird-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/66d54d2ca3/(.*) /wp-content/plugins/ga-google-analytics/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/bbc0441161/(.*) /wp-content/plugins/header-footer-code-manager/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/648ad25f1f/(.*) /wp-content/plugins/hide-my-wp-pack/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/d0f4711431/(.*) /wp-content/plugins/hide-my-wp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/9e4ee34631/(.*) /wp-content/plugins/loading-page/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/85e5f69829/(.*) /wp-content/plugins/loco-translate/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/8c6b2640d1/(.*) /wp-content/plugins/mailchimp-for-wp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/cd8c954709/(.*) /wp-content/plugins/meta-box/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/45b6c5e029/(.*) /wp-content/plugins/perfmatters/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/d772536348/(.*) /wp-content/plugins/post-types-order/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/4b36101dcc/(.*) /wp-content/plugins/revslider/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/0f01b3a770/(.*) /wp-content/plugins/simple-page-ordering/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/688555d482/(.*) /wp-content/plugins/taxonomy-terms-order/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/f11c0e72bf/(.*) /wp-content/plugins/the-events-calendar/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/625b94bfb7/(.*) /wp-content/plugins/tinymce-advanced/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/46cf41c19e/(.*) /wp-content/plugins/tutor-lms-certificate-builder/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/144c3597b3/(.*) /wp-content/plugins/tutor-pro/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/1b166b7e2f/(.*) /wp-content/plugins/tutor/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/33312bd2d3/(.*) /wp-content/plugins/woocommerce-notification/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/39d10ee62c/(.*) /wp-content/plugins/woocommerce/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/57e9b6c151/(.*) /wp-content/plugins/wp-line-notify/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/c923cd7bba/(.*) /wp-content/plugins/wp-mail-smtp/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/9db0d9966f/(.*) /wp-content/plugins/wpspowerbox/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/4199dfcc6f/(.*) /wp-content/plugins/zilom-themer/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/modules/(.*) /wp-content/plugins/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/6908e39db4/design.css$ /wp-content/themes/zilom/style.css [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/6908e39db4/(.*) /wp-content/themes/zilom/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/views/(.*) /wp-content/themes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?storage/(.*) /wp-content/uploads/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?core/(.*) /wp-content/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?lib/(.*) /wp-includes/$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?comments/(.*) /wp-comments-post.php$2 [QSA,L]
RewriteRule ^([_0-9a-zA-Z-]+/)?writer/(.*) /author/$2 [QSA,L]
</IfModule>


# END HMWP_RULES
# BEGIN HMWP_VULNERABILITY
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/wp-admin [NC]
RewriteCond %{QUERY_STRING} ^author=\d+ [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_headers.c>
Header always unset x-powered-by
Header always unset server
ServerSignature Off
</IfModule>

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=15768000;includeSubdomains"
Header set Content-Security-Policy "object-src 'none'"
Header set X-XSS-Protection "1; mode=block"
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|hmwp_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
RewriteCond %{REQUEST_URI} ^/wp-content/?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-content/[^\.]+/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes/?$ [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/plugins/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/themes/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock)    [NC,OR]
RewriteCond %{THE_REQUEST} /wp-content/uploads/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /wp-includes/[^\.]+(\.php|\.htm|\.html|\.rtf|\.rtx|\.txt|\.lock) [NC,OR]
RewriteCond %{THE_REQUEST} /([_0-9a-zA-Z-]+/)?(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /(wp-config-sample\.php|readme\.html|readme\.txt|install\.php|license\.txt|php\.ini|bb-config\.php|error_log) [NC]
RewriteRule ^(.*)$ - [L,R=404]
</IfModule>


# END HMWP_VULNERABILITY
# BEGIN WordPress
# 在含有 BEGIN WordPress 及 END WordPress 標記的這兩行間的指示詞內容為動態產生，
# 且應僅有 WordPress 篩選器能進行修改。對這兩行間任何指示詞內容的變更，
# 都會遭到系統覆寫。
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN TUTOR_PREVENT_HOTLINKING
<IfModule mod_rewrite.c>
	RewriteEngine on
	# Exclude certain files from being blocked
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/tutor/assets/images/tutor-logo\.png [NC]
	# Allow direct access or access with a referer from the current site only.
	RewriteCond %{HTTP_REFERER} !^$ [NC]
	RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?elearnings.com.tw [NC]
	# Block access to files with the specified extensions
	RewriteRule \.(jpg|jpeg|png|gif|mp4|mov|mp3|avi|flv|wmv)$ - [NC,F,L]
</IfModule>
# END TUTOR_PREVENT_HOTLINKING