# Block direct access to PHP views (must be loaded only via index.php)
<FilesMatch "\.(php)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Lock down sensitive folders
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^views/.*\.php$ - [F,L]
</IfModule>

# Make index.php the default
DirectoryIndex index.php
