# Protect includes directory
# Allow PHP files to be included but block direct browsing
Options -Indexes

# Block direct access to PHP include files
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
</FilesMatch>
