# Protect admin directory from direct access
# Only allow access to specific PHP files

# Deny access to sensitive files
<FilesMatch "^(auth\.php)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Force HTTPS (uncomment in production)
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
