.htaccess

# Apache/Senayan settings:
# by Hendro Wicaksono

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|att|inc|info|install|module|profile|test|po|sh|.*inc.php|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
  Order allow,deny
</FilesMatch>

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Protect hidden directory from vulnerability scanner
    RewriteRule (^|/)\.([^/]+)(/|$) - [L,F]
    RewriteRule (^|/)([^/]+)~(/|$) - [L,F]
</IfModule>

# Don't show directory listings for URLs which map to a directory.
Options -Indexes

# Follow symbolic links in this directory.
# Options +FollowSymLinks
Options +SymLinksIfOwnerMatch

# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
  # There is no end quote below, for compatibility with Apache 1.3.
  ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

# Set the default handler.
DirectoryIndex index.php 

# Add XSS Protection and ClickJacking Attack
<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
  Header always set X-Frame-Options SAMEORIGIN
</IfModule>