# Block direct access to PHP includes
<FilesMatch "\.(php|sql|log|md)$">
    Require all denied
</FilesMatch>
