diff --git a/.htaccess b/.htaccess
index a785288..1916e6a 100644
--- a/.htaccess
+++ b/.htaccess
@@ -31,7 +31,12 @@ Options -MultiViews
#RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L]
RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]
+ # PHP front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
+
+ # Single PHP-entrypoint (disables direct access to .php files)
+ RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ] [NC]
+ RewriteRule \.php$ - [NC,L,F,R=404]
\ No newline at end of file
diff --git a/app/.htaccess b/app/.htaccess
index 0f2e6fb..a4c6fc7 100644
--- a/app/.htaccess
+++ b/app/.htaccess
@@ -1,12 +1,3 @@
-
-
- Order Allow,Deny
- Deny from all
-
-
- Require all denied
-
-
Order Allow,Deny
diff --git a/app/content/.htaccess b/app/content/.htaccess
deleted file mode 100644
index c550f63..0000000
--- a/app/content/.htaccess
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
- Order Allow,Deny
- Deny from all
-
-
- Require all denied
-
-
-
-
- Order Allow,Deny
- Deny from all
-
-
- Require all denied
-
-
-
- php_flag engine off
-
-
- SetHandler !
-
-
- RewriteRule ^.*\.php$ - [F,L]
-
\ No newline at end of file
diff --git a/app/importer/jobs/.htaccess b/app/importer/jobs/.htaccess
index 184b59a..3909c77 100644
--- a/app/importer/jobs/.htaccess
+++ b/app/importer/jobs/.htaccess
@@ -1,11 +1,7 @@
-
- # Apache 2.2
-
- Order Allow,Deny
- Deny from all
-
- # Apache 2.4
-
- Require all denied
-
-
\ No newline at end of file
+
+ Order Allow,Deny
+ Deny from all
+
+
+ Require all denied
+
\ No newline at end of file
diff --git a/content/.htaccess b/content/.htaccess
index 0c013db..a4c6fc7 100644
--- a/content/.htaccess
+++ b/content/.htaccess
@@ -1,13 +1,18 @@
-
- # Apache 2.2
+
Order Allow,Deny
Deny from all
- # Apache 2.4
Require all denied
-
-
-
-SetHandler default-handler
\ No newline at end of file
+
+
+
+ php_flag engine off
+
+
+ SetHandler !
+
+
+ RewriteRule ^.*\.php$ - [F,L]
+
\ No newline at end of file
diff --git a/content/pages/.htaccess b/content/pages/.htaccess
deleted file mode 100644
index d72d47d..0000000
--- a/content/pages/.htaccess
+++ /dev/null
@@ -1,4 +0,0 @@
-
-Order Deny,Allow
-Deny from all
-
\ No newline at end of file
diff --git a/images/.htaccess b/images/.htaccess
index 0f2e6fb..a4c6fc7 100644
--- a/images/.htaccess
+++ b/images/.htaccess
@@ -1,12 +1,3 @@
-
-
- Order Allow,Deny
- Deny from all
-
-
- Require all denied
-
-
Order Allow,Deny
diff --git a/importing/.htaccess b/importing/.htaccess
index 327e49e..3909c77 100644
--- a/importing/.htaccess
+++ b/importing/.htaccess
@@ -1,7 +1,7 @@
- Order Allow,Deny
- Deny from all
+ Order Allow,Deny
+ Deny from all
- Require all denied
-
\ No newline at end of file
+ Require all denied
+
\ No newline at end of file