# /admin/.htaccess — protection for the Publish console.
#
# IMPORTANT: also turn on password protection for this folder via
# cPanel → Directory Privacy (select "admin", set a username + password).
# That adds the Basic-auth lines automatically and is the easiest path.

# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Block direct web access to the shared library and templates.
# (index.php / publish.php include them on disk; they should never be fetched directly.)
<FilesMatch "^publish-lib\.php$">
  Require all denied
</FilesMatch>

<IfModule mod_authz_core.c>
  <Files ".htpasswd">
    Require all denied
  </Files>
</IfModule>

# Deny the whole templates directory over the web.
RedirectMatch 403 ^/admin/templates/
