.htaccess

# Secutiry rules & Wordpress default configuration.

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

# Admin redirect
RedirectMatch 301 /admin/(.*) /wp/wp-admin/$1

# Audio files streaming
<FilesMatch "\.(mp3|m4a|aac|ogg|webm|wma)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</FilesMatch>

# Video files streaming
<FilesMatch "\.(avi|asf|mov|qt|mpg|mpeg|mp4|wmv|divx)$">
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</FilesMatch>

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} .*helsingborg.se.*
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</ifModule>

# Rewrite rules -
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
    RewriteRule . index.php [L]
</ifModule>

# Prevent spam form submit
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
    RewriteCond %{HTTP_REFERER} !.*helsingborg.se.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L]
</ifModule>

# Prevent access to XML RPC & Pingback
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Prevent drive-by-download attacks
<IfModule mod_headers.c>
    Header set X-Content-Type-Options nosniff
</IfModule>

# Cache-Control Headers
<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "private, must-revalidate"
  </filesMatch>
</ifModule>

# BEGIN Expire headers
<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 5 seconds"
  ExpiresByType image/x-icon "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 3600 seconds"
  ExpiresByType image/png "access plus 3600 seconds"
  ExpiresByType image/gif "access plus 3600 seconds"
  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 3600 seconds"
  ExpiresByType text/javascript "access plus 3600 seconds"
  ExpiresByType application/javascript "access plus 3600 seconds"
  ExpiresByType application/x-javascript "access plus 3600 seconds"
  ExpiresByType text/html "access plus 600 seconds"
  ExpiresByType application/xhtml+xml "access plus 600 seconds"
</ifModule>