wp/.htaccess

Options +FollowSymLinks

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wp/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wp/index.php [L]
</IfModule>
# END WordPress

#### Use /wp/ subdirectory ####

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^(wp-admin/.*)$ /wp/$1 [L]
	RewriteRule ^(wp-[^/]+\.php)$ /wp/$1 [L]
	RewriteRule ^xmlrpc\.php$ /wp/xmlrpc.php [L]
	RewriteRule ^(wp-includes/.*)$ /wp/$1 [L]
</IfModule>

# Block xmlrpc.php
<Files xmlrpc.php>
order allow,deny
deny from all
</Files>

<IfModule mod_rewrite.c>
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule "(^|/)\." - [F]
</IfModule>

#### Force SSL ####
	#RewriteEngine On
	#RewriteCond %{HTTPS} !=on
	#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#</IfModule>

<IfModule mod_autoindex.c>
	Options -Indexes
</IfModule>

<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
</IfModule>

<IfModule mod_headers.c>
	Header set X-XSS-Protection "1; mode=block"
	<FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
    Header unset X-XSS-Protection
	</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
  Header unset ETag
</IfModule>
FileETag None

<IfModule mod_headers.c>
  <FilesMatch "\.(eot|otf|tt[cf]|woff)$">
     Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
	Header set X-Frame-Options "DENY"
	<FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
		Header unset X-Frame-Options
	</FilesMatch>
</IfModule>

<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
      SetEnvIf Origin ":" IS_CORS
      Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
  </IfModule>
</IfModule>

<FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    Satisfy All
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>

<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
  Header set X-UA-Compatible "IE=edge"
  <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
     Header unset X-UA-Compatible
  </FilesMatch>
</IfModule>
Header set Cache-Control "max-age=7200, must-revalidate"

<IfModule mod_mime.c>
    AddType audio/mp4                                   m4a f4a f4b
    AddType audio/ogg                                   oga ogg opus
    AddType application/json                            json map
    AddType application/ld+json                         jsonld
    AddType application/javascript                      js
    AddType video/mp4                                   f4v f4p m4v mp4
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv
    AddType application/font-woff                       woff
    AddType application/vnd.ms-fontobject               eot
    AddType application/x-font-ttf                      ttc ttf
    AddType font/opentype                               otf
    AddType image/svg+xml                               svgz
    AddEncoding gzip                                    svgz
    AddType application/octet-stream                    safariextz
    AddType application/x-chrome-extension              crx
    AddType application/x-web-app-manifest+json         webapp
    AddType application/xml                             atom rdf rss xml
    AddType image/x-icon                                cur
    AddType text/cache-manifest                         appcache manifest
    AddType text/x-vcard                                vcf
</IfModule>

<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt .webapp .xml
</IfModule>

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault                                      "access plus 1 month"
ExpiresByType text/html                             "access plus 0 seconds"
ExpiresByType text/css                              "access plus 1 year"
ExpiresByType image/jpeg                            "access plus 1 year"
ExpiresByType image/png                             "access plus 1 year"
ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType text/javascript                		  	"access plus 1 year"
ExpiresByType text/javascript A2592000

ExpiresByType image/x-icon                          "access plus 1 week"
ExpiresByType text/x-component                      "access plus 1 month"
ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType application/x-font-ttf                "access plus 1 month"
ExpiresByType font/opentype                         "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"

ExpiresByType text/xml                              "access plus 0 seconds"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"
ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"
</IfModule>

<IfModule mod_deflate.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
  </IfModule>
  <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
                                  application/javascript \
                                  application/json \
                                  application/ld+json \
                                  application/rss+xml \
                                  application/vnd.ms-fontobject \
                                  application/x-font-ttf \
                                  application/x-web-app-manifest+json \
                                  application/xhtml+xml \
                                  application/xml \
                                  font/opentype \
                                  image/svg+xml \
                                  image/x-icon \
                                  text/css \
                                  text/html \
                                  text/plain \
                                  text/x-component \
                                  text/xml
  </IfModule>
</IfModule>