RewriteEngine On
RewriteBase /
# Target search engine bots
RewriteCond %{HTTP_USER_AGENT} (Googlebot|Google-InspectionTool|bingbot|Slurp|DuckDuckBot|Yandex|Baiduspider) [NC]
# Rule 1: Return 410 for any URL with a query string (for search engines only)
RewriteCond %{QUERY_STRING} .+
RewriteRule ^ - [G]

if you want to exclude the sitemap.xml from this then do it like this 

Setup Basic Auth on httaccess with whitlisting specifc IP

AuthType Basic
AuthName "Name of Member’s Area"
AuthUserFile /home//private_html/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 10.10.10.10
Allow from 20.20.20.20
Satisfy any
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed .ht

Configuring Next.js app for redirection while whitelisting specific IPs.

Below is the code that enables the execution of a Next.js application for specific IP addresses while redirecting other users to the primary website.

#RewriteEngine On
## WH
RewriteCond %{REMOTE_ADDR} !10\.10\.10\.10$
RewriteCond %{REMOTE_ADDR} !11\.11\.11\.11$

RewriteRule ^(.*)$ https://www.live-website.com/$1 [L,R=301]

Introduction:
In web development, sometimes you may want to redirect all users accessing your website to a specific URL, such as www.example.com. However, there might be certain cases where you need to exclude specific IP addresses from this redirection. In this article, we will explore how to achieve this using the .htaccess file.

The content of the .htaccess for nextjs application is

# Redirect traffic to your port 3001
DirectoryIndex
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)?$ http://127.0.0.1:3001/$1 [P,L]
 

to exclude a file from this rule (EX: test.txt) we can add this like 

RewriteCond %{REQUEST_URI} !test\.txt [NC]

Full Code

Protect wp-admin by Basic Auth

You have to protect the wp-admin / wp-login.php at least by the baisc-auth if you do not want to do it using Cloduflare

Here is the steps to Protect it

All of us know that WordPress is the most common CMS and it is the easiest one ever, Now I will put here some tips to install a secure WordPress

1. Install WordPress CMS platform Here is the link 
2. https://wordpress.org/plugins/advanced-nocaptcha-recaptcha

Important tips:

To hide sensitive files in the wp-includes folder, add the following code to the .htaccess file in the root of your site:

# Block wp-includes folder and files
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]
 </IfModule>

wp-content/uploads directory

your wp–content/uploads directory should be considered a potential entry point and can be exploited for number of wordpress hacks . The biggest potential threat is the uploading of PHP files.

If you can browse /wp–content/plugins/ – the enumeration of plugins and versions becomes much easier! Exploiting this can allow an attacker to obtain sensitive information that could aid in further attacks.

A lot of time we get many requests from some bots we do not need here you can block them from htaccess file 

<IfModule mod_setenvif.c>
  SetEnvIfNoCase User-Agent (SemrushBot|Semrush|python-requests|sqlmap|wordpress|apachebench) bad_user_agents

  Order Allow,Deny
  Allow from all
  Deny from env=bad_user_agents
</IfModule>