# disable the server signature
ServerSignature Off

# remove php and html extensions
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteRule ^([^\.]+)$ $1.html [NC,L]

# Disable directory browsing
Options -Indexes

# Additional security
<FilesMatch "config\.php$">
    Require all denied
</FilesMatch>

<FilesMatch "\.md$">
    Require all denied
</FilesMatch>