# BEGIN Wordfence code execution protection
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
<IfModule mod_php7.c>
php_flag engine 0
</IfModule>
<IfModule mod_php.c>
php_flag engine 0
</IfModule>

AddHandler cgi-script .php .phtml .php3 .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
# END Wordfence code execution protection

# BEGIN WP CERBER CLAMPS
<IfModule mod_authz_core.c>
<FilesMatch "\.(php|phtml|php[3-8]?|phar|cgi|pl|py|pyc|pyo|sh)$">
    SetHandler none
    Require all denied
</FilesMatch>
</IfModule>

<IfModule !mod_authz_core.c>
<FilesMatch "\.(php|phtml|php[3-8]?|phar|cgi|pl|py|pyc|pyo|sh)$">
    SetHandler none
    Order allow,deny
    Deny from all
</FilesMatch>
</IfModule>

<FilesMatch "\.(php|phtml|php[3-8]?|phar|cgi|pl|py|pyc|pyo|sh)$">
    <IfModule mod_php.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php5.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php7.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php8.c>
        php_flag engine off
    </IfModule>
</FilesMatch>

<IfModule mod_mime.c>
    RemoveHandler .php .phtml .php3 .php4 .php5 .php7 .php8 .phar .cgi .pl .py .pyc .pyo .sh
</IfModule>

<IfModule mod_cgi.c>
    Options -ExecCGI
</IfModule>
# END WP CERBER CLAMPS