added additional plugins

2025-12-12 19:05:48 -05:00 · 2025-12-12 19:05:48 -05:00 · 00e60ec1b7
commit 00e60ec1b7
parent c85895d306
132 changed files with 27514 additions and 0 deletions
--- a/native/wordpress/maple-code-blocks/.htaccess
+++ b/native/wordpress/maple-code-blocks/.htaccess
@ -0,0 +1,112 @@
+# GitHub Code Viewer Plugin - Security Rules
+
+# Prevent directory browsing
+Options -Indexes
+
+# Deny access to all files by default
+<FilesMatch ".*">
+    Order Deny,Allow
+    Deny from all
+</FilesMatch>
+
+# Allow access to specific file types only
+<FilesMatch "\.(css|js|png|jpg|jpeg|gif|svg|woff|woff2|ttf|eot)$">
+    Order Allow,Deny
+    Allow from all
+</FilesMatch>
+
+# Specifically allow access to the main plugin file
+<Files "maple-code-blocks.php">
+    Order Allow,Deny
+    Allow from all
+</Files>
+
+# Protect sensitive files
+<FilesMatch "(^\.|wp-config\.php|\.htaccess|\.htpasswd|error_log|readme\.html|license\.txt|install\.php|php\.ini|php5\.ini)">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>
+
+# Disable PHP execution in subdirectories (except the root plugin file)
+<FilesMatch "\.php$">
+    <If "%{REQUEST_URI} !~ m#^.*/maple-code-blocks/maple-code-blocks\.php$#">
+        Order Deny,Allow
+        Deny from all
+    </If>
+</FilesMatch>
+
+# Prevent script injection
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteBase /
+    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
+    RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
+    RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
+    RewriteRule ^(.*)$ - [F,L]
+</IfModule>
+
+# Disable XML-RPC if not needed
+<Files xmlrpc.php>
+    Order Deny,Allow
+    Deny from all
+</Files>
+
+# Add security headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options "nosniff"
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set X-XSS-Protection "1; mode=block"
+    Header set Referrer-Policy "strict-origin-when-cross-origin"
+</IfModule>
+
+# Hotlinking protection disabled - not needed for WordPress plugins
+# WordPress plugins need their assets accessible to the host site
+# <IfModule mod_rewrite.c>
+#     RewriteEngine on
+#     RewriteCond %{HTTP_REFERER} !^$
+#     RewriteCond %{HTTP_REFERER} !^https?://(www\.)?%{HTTP_HOST} [NC]
+#     RewriteRule \.(css|js|png|jpg|jpeg|gif|svg)$ - [F,NC,L]
+# </IfModule>
+
+# Compress text files
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE text/plain
+    AddOutputFilterByType DEFLATE text/html
+    AddOutputFilterByType DEFLATE text/css
+    AddOutputFilterByType DEFLATE application/javascript
+    AddOutputFilterByType DEFLATE application/json
+</IfModule>
+
+# Set proper MIME types
+<IfModule mod_mime.c>
+    AddType text/css .css
+    AddType application/javascript .js
+    AddType application/json .json
+</IfModule>
+
+# Cache control for static assets
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
+    ExpiresByType image/png "access plus 1 month"
+    ExpiresByType image/jpg "access plus 1 month"
+    ExpiresByType image/jpeg "access plus 1 month"
+    ExpiresByType image/gif "access plus 1 month"
+    ExpiresByType image/svg+xml "access plus 1 month"
+</IfModule>
+
+# Disable server signature
+ServerSignature Off
+
+# Prevent access to hidden files
+<FilesMatch "^\.">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>
+
+# Block access to backup and source files
+<FilesMatch "(\.(bak|backup|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>