# Basic PHP Security Settings (Safe for most hosting)
Options -Indexes
DirectoryIndex index.php index.html

# Hide sensitive files
<Files ~ "^\.">
    Order allow,deny
    Deny from all
</Files>

<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|sql|conf|bak)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Basic PHP Settings
php_flag display_errors off
php_value upload_max_filesize 10M
php_value post_max_size 10M

# Basic URL Rewriting
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Force HTTPS for production
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # Add .php extension if file exists
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}.php -f
    RewriteRule ^(.*)$ $1.php [L]
</IfModule>

# Basic CORS for API
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type"
</IfModule>
