Run 2

Options +FollowSymlinks
        RewriteEngine on

# force l'https://
        RewriteCond %{HTTPS} off
        RewriteCond %{HTTP_HOST} !=localhost
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#réécriture d'url
        RewriteRule ^accueil$ index.php [L]
        RewriteRule ^blog$ blog.php [L]
        RewriteRule ^services$ services.php [L]
        RewriteRule ^liensutiles$ links.php [L]
        RewriteRule ^nous-contacter$ contact.php [L]
        RewriteRule ^cookies$ cookies.php [L]
        RewriteRule ^vie-privee$ terms.php [L]

RewriteRule ^article$ article.php?id=$1 [L]
        RewriteRule ^(.\w*)-([0-9]+)-([A-z[:punct:]\w+]+)$ ./article.php?id=$2&slug=$3 [L]

# autoriser des site à correspondre
        SetEnvIf Origin "http(s)?://(www\.)?(site1.be|site2.be|site3.be)$"AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin

# SECURITE
        # Désactiver l'affichage du contenu des répertoires
        Options All -Indexes
        # Alternative pour empêcher le listage des répertoires
        IndexIgnore *
        # Masquer les informations du serveur
        ServerSignature Off
        # Protéger le fichier wp-config.php
        <files wp-config.php>
          order allow,deny
          deny from all
        </files>
        # Protéger les fichiers .htaccess et .htpasswds
        <Files ~ "^.*\.([Hh][Tt][AaPp])">
          order allow,deny
          deny from all
          satisfy all
        </Files>
        # Désactiver le hotlinking de vos images
        RewriteEngine On
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?localhost/cqfd/ [NC]
        RewriteRule \.(jpg|jpeg|png|gif)$ http://fakeimg.pl/400x200/?text=Pas_touche_aux_images [NC,R,L]
        <Limit GET POST>
          order allow,deny
          deny from 204.12.238.58
          allow from all
        </Limit>
        # Mise en cache des fichiers dans le navigateur
        <IfModule mod_expires.c>
          ExpiresActive On
          ExpiresDefault "access plus 1 month"
          ExpiresByType text/html "access plus 0 seconds"
          ExpiresByType text/xml "access plus 0 seconds"
          ExpiresByType application/xml "access plus 0 seconds"
          ExpiresByType application/json "access plus 0 seconds"
          ExpiresByType application/pdf "access plus 0 seconds"
          ExpiresByType application/rss+xml "access plus 1 hour"
          ExpiresByType application/atom+xml "access plus 1 hour"
          ExpiresByType application/x-font-ttf "access plus 1 month"
          ExpiresByType font/opentype "access plus 1 month"
          ExpiresByType application/x-font-woff "access plus 1 month"
          ExpiresByType application/x-font-woff2 "access plus 1 month"
          ExpiresByType image/svg+xml "access plus 1 month"
          ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
          ExpiresByType image/jpg "access plus 1 month"
          ExpiresByType image/jpeg "access plus 1 month"
          ExpiresByType image/gif "access plus 1 month"
          ExpiresByType image/png "access plus 1 month"
          ExpiresByType video/ogg "access plus 1 month"
          ExpiresByType audio/ogg "access plus 1 month"
          ExpiresByType video/mp4 "access plus 1 month"
          ExpiresByType video/webm "access plus 1 month"
          ExpiresByType text/css "access plus 6 month"
          ExpiresByType application/javascript "access plus 6 month"
          ExpiresByType application/x-shockwave-flash "access plus 1 week"
          ExpiresByType image/x-icon "access plus 1 week"
        </IfModule>
        # En-têtes
        Header unset ETag
        FileETag None
        <ifModule mod_headers.c>  
          <filesMatch "\.(ico|jpe?g|png|gif|swf)$">  
            Header set Cache-Control "public"  
          </filesMatch>  
          <filesMatch "\.(css)$">  
            Header set Cache-Control "public"  
          </filesMatch>  
          <filesMatch "\.(js)$">  
            Header set Cache-Control "private"  
          </filesMatch>  
          <filesMatch "\.(x?html?|php)$">  
            Header set Cache-Control "private, must-revalidate"
          </filesMatch>
        </ifModule>
        # Compressions des fichiers statiques
        <IfModule mod_deflate.c> 
          AddOutputFilterByType DEFLATE text/xhtml text/html text/plain text/xml text/javascript application/x-javascript text/css 
          BrowserMatch ^Mozilla/4 gzip-only-text/html 
          BrowserMatch ^Mozilla/4\.0[678] no-gzip 
          BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
          SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary 
          Header append Vary User-Agent env=!dont-vary 
        </IfModule>  
        AddOutputFilterByType DEFLATE text/html  
        AddOutputFilterByType DEFLATE text/plain  
        AddOutputFilterByType DEFLATE text/xml  
        AddOutputFilterByType DEFLATE text/css  
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE font/opentype
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/json
        # Bloquer l'utilisation de certains scripts
        RewriteEngine On
        RewriteBase /
        RewriteRule ^wp-admin/includes/ - [F,L]
        RewriteRule !^wp-includes/ - [S=3]
        RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
        RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
        RewriteRule ^wp-includes/theme-compat/ - [F,L]
        # Protection contre les injections de fichiers
        RewriteCond %{REQUEST_METHOD} GET
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
        RewriteRule .* - [F]
        # Protections diverses (XSS, clickjacking et MIME-Type sniffing)
        <ifModule mod_headers.c>
          Header set X-XSS-Protection "1; mode=block"
          Header always append X-Frame-Options SAMEORIGIN
          Header set X-Content-Type-Options: "nosniff”
        </ifModule>

Options +FollowSymlinks
        RewriteEngine on

# force l'https://
        RewriteCond %{HTTPS} off
        RewriteCond %{HTTP_HOST} !=localhost
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# Désactiver l'affichage du contenu des répertoires
        Options All -Indexes

# Alternative pour empêcher le listage des répertoires
        IndexIgnore *

# Masquer les informations du serveur
        ServerSignature Off

# Protéger les fichiers .htaccess et .htpasswds
        <Files ~ "^.*\.([Hh][Tt][AaPp])">
          order allow,deny
          deny from all
          satisfy all
        </Files>

# Mise en cache des fichiers dans le navigateur
        <IfModule mod_expires.c>
          ExpiresActive On
          ExpiresDefault "access plus 1 month"
          ExpiresByType text/html "access plus 0 seconds"
          ExpiresByType text/xml "access plus 0 seconds"
          ExpiresByType application/xml "access plus 0 seconds"
          ExpiresByType application/json "access plus 0 seconds"
          ExpiresByType application/pdf "access plus 0 seconds"
          ExpiresByType application/rss+xml "access plus 1 hour"
          ExpiresByType application/atom+xml "access plus 1 hour"
          ExpiresByType application/x-font-ttf "access plus 1 month"
          ExpiresByType font/opentype "access plus 1 month"
          ExpiresByType application/x-font-woff "access plus 1 month"
          ExpiresByType application/x-font-woff2 "access plus 1 month"
          ExpiresByType image/svg+xml "access plus 1 month"
          ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
          ExpiresByType image/jpg "access plus 1 month"
          ExpiresByType image/jpeg "access plus 1 month"
          ExpiresByType image/gif "access plus 1 month"
          ExpiresByType image/png "access plus 1 month"
          ExpiresByType video/ogg "access plus 1 month"
          ExpiresByType audio/ogg "access plus 1 month"
          ExpiresByType video/mp4 "access plus 1 month"
          ExpiresByType video/webm "access plus 1 month"
          ExpiresByType text/css "access plus 6 month"
          ExpiresByType application/javascript "access plus 6 month"
          ExpiresByType application/x-shockwave-flash "access plus 1 week"
          ExpiresByType image/x-icon "access plus 1 week"
        </IfModule>

# En-têtes
        Header unset ETag
        FileETag None
        <ifModule mod_headers.c>  
          <filesMatch "\.(ico|jpe?g|png|gif|swf)$">  
            Header set Cache-Control "public"  
          </filesMatch>  
          <filesMatch "\.(css)$">  
            Header set Cache-Control "public"  
          </filesMatch>  
          <filesMatch "\.(js)$">  
            Header set Cache-Control "private"  
          </filesMatch>  
          <filesMatch "\.(x?html?|php)$">  
            Header set Cache-Control "private, must-revalidate"
          </filesMatch>
        </ifModule>

# Compressions des fichiers statiques
        <IfModule mod_deflate.c> 
          AddOutputFilterByType DEFLATE text/xhtml text/html text/plain text/xml text/javascript application/x-javascript text/css 
          BrowserMatch ^Mozilla/4 gzip-only-text/html 
          BrowserMatch ^Mozilla/4\.0[678] no-gzip 
          BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
          SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary 
          Header append Vary User-Agent env=!dont-vary 
        </IfModule>  
        AddOutputFilterByType DEFLATE text/html  
        AddOutputFilterByType DEFLATE text/plain  
        AddOutputFilterByType DEFLATE text/xml  
        AddOutputFilterByType DEFLATE text/css  
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE font/opentype
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/json

# Protection contre les injections de fichiers
        RewriteCond %{REQUEST_METHOD} GET
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
        RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
        RewriteRule .* - [F]

# Protections diverses (XSS, clickjacking et MIME-Type sniffing)
        <ifModule mod_headers.c>
          Header set X-XSS-Protection "1; mode=block"
          Header always append X-Frame-Options SAMEORIGIN
          Header set X-Content-Type-Options: "nosniff”
        </ifModule>

Run 2

Fichier .htaccess de base