# robots.txt for a WordPress site (with optional WooCommerce rules).
# This file is advisory and publicly readable: compliant crawlers honour it, but it
# does not restrict access for any client, and every path listed below is visible to
# anyone who fetches the file. Access control for these paths has to be enforced by
# the web server or the application, not here.
User-agent: *
#
# Ask crawlers to skip WordPress core folders, trackbacks, comments,
# internal search (/?s=) and any URL carrying a query string (/*?*)
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /cgi-bin/
Disallow: /trackback/
Disallow: /comments/
Disallow: /?s=
Disallow: /*?*
Disallow: /readme.html
Disallow: /license.txt
#
# Allow admin AJAX for front-end features. Under longest-match precedence
# (RFC 9309) this rule is more specific than "Disallow: /wp-admin/" and wins.
Allow: /wp-admin/admin-ajax.php
#
# Optional: keep author archives out of crawler results.
# This does not prevent username enumeration: the archive URLs stay reachable by
# any client, so that has to be handled in WordPress or at the web server.
Disallow: /author/
#
# Optional: ask crawlers to skip XML-RPC.
# This does not stop brute-force or any other requests to xmlrpc.php; if the
# endpoint is not needed, restrict or disable it at the web server or in WordPress.
Disallow: /xmlrpc.php
#
# Optional: keep WooCommerce cart, checkout and account URLs out of crawler results.
# Any protection of these pages must come from the application itself.
Disallow: /cart/
Disallow: /checkout/
Disallow: /my-account/
Disallow: /addons/
#
# Allow crawling of content (images, CSS, JS)
# NOTE(review): under longest-match precedence (RFC 9309) the short patterns
# "/*.js$" and "/*.css$" lose to the longer "Disallow: /wp-content/plugins/" and
# "Disallow: /wp-content/themes/" rules, and the "$" anchor means they do not match
# asset URLs that carry a query string (those fall under "Disallow: /*?*").
# Plugin and theme assets therefore likely remain disallowed; confirm the intent.
Allow: /wp-content/uploads/
Allow: /wp-content/cache/
Allow: /*.js$
Allow: /*.css$