# BEGIN iThemes Security
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		<Files xmlrpc.php>
			Order Deny,Allow
			Deny from all
		</Files>
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
<Files 403.shtml>
order allow,deny
allow from all
</Files>


RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://stmaryandstromuald.stthereseingleby.org.uk/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://stmaryandstromuald.stthereseingleby.org.uk$      [NC]
RewriteCond %{HTTP_REFERER} !^http://stthereseingleby.org.uk/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://stthereseingleby.org.uk$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.stmaryandstromuald.stthereseingleby.org.uk/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.stmaryandstromuald.stthereseingleby.org.uk$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.stthereseingleby.org.uk/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.stthereseingleby.org.uk$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]


# BEGIN Brute Force Login Protection
#deny from 46.119.122.15
#deny from 195.154.250.216
#deny from 188.165.241.214
#deny from 178.137.19.65
#deny from 27.255.94.165
#deny from 45.43.239.2
#deny from 195.154.237.149
#deny from 173.254.203.75
#deny from 195.154.241.71
#deny from 195.154.241.43
#deny from 93.24.30.45
#deny from 178.137.81.70
#deny from 195.154.241.157
#deny from 178.33.140.34
#deny from 195.154.237.92
#deny from 128.127.105.66
#deny from 78.129.145.209
#deny from 198.61.174.132
#deny from 104.194.26.204
#deny from 91.200.12.38
#deny from 37.115.184.194
#deny from 134.249.140.99
#deny from 202.28.32.20
#deny from 188.163.75.7
#deny from 91.196.11.84
#deny from 195.154.251.17
#deny from 59.106.61.125
#deny from 54.172.110.135
#deny from 195.154.250.88
#deny from 195.154.251.11
#deny from 37.46.121.147
#deny from 91.200.12.65
#deny from 72.46.133.242
#deny from 195.154.241.35
#deny from 195.154.183.187
#deny from 88.236.27.144
#deny from 178.137.85.67
#deny from 104.194.26.205
#deny from 27.255.94.166
#deny from 195.154.240.184
#deny from 180.150.227.246
#deny from 46.119.117.160
#deny from 195.154.226.186
#deny from 195.154.240.246
#deny from 37.57.0.201
#deny from 62.210.162.209
# END Brute Force Login Protection

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On 
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access plus 1 month"
# Javascript
ExpiresByType application/javascript "access plus 1 year"
</IfModule>