# Block direct web access to config and SQL; the PHP scripts still include them.
<FilesMatch "\.(sql|md)$">
  Require all denied
</FilesMatch>
<Files "config.php">
  Require all denied
</Files>
<Files "db.php">
  Require all denied
</Files>
