# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# FORCE HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# (Optional) FORCE WWW — uncomment ONE of these:
# To force www:
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# To force non-www:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# Use latest PHP version (adjust if needed)
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php7 .phtml
</IfModule>

# Security: disable access to sensitive files
<FilesMatch "(^\.|wp-config\.php|readme\.html|license\.txt)">
Order allow,deny
Deny from all
</FilesMatch>