# Protect includes directory
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Block direct access to includes/
    RewriteRule ^includes/ - [F,L]

    # Block access to config files
    RewriteRule ^config\.php$ - [F,L]

    # Block access to hidden files
    RewriteRule (^|/)\. - [F,L]

    # Block access to SQL files
    RewriteRule \.sql$ - [F,L]

    # Block access to log files
    RewriteRule \.log$ - [F,L]
</IfModule>

# Disable directory listing
Options -Indexes

# Prevent script execution in includes
<Directory "includes">
    php_flag engine off
</Directory>
