diff --git a/public/.htaccess b/public/.htaccess
index b29af3a..e30ceb6 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,4 +1,5 @@
 # Kirby .htaccess
+# revision 2020-06-15
 
 # rewrite rules
 <IfModule mod_rewrite.c>
@@ -8,11 +9,11 @@
 RewriteEngine on
 
 # make sure to set the RewriteBase correctly
-# if you are running the site in a subfolder.
-# Otherwise links or the entire site will break.
+# if you are running the site in a subfolder;
+# otherwise links or the entire site will break.
 #
-# If your homepage is http://yourdomain.com/mysite
-# Set the RewriteBase to:
+# If your homepage is http://yourdomain.com/mysite,
+# set the RewriteBase to:
 #
 # RewriteBase /mysite
 
@@ -38,17 +39,13 @@ RewriteRule ^$ /yadis.xrds [PT]
 # except for the .well-known folder, which is used for Let's Encrypt and security.txt
 RewriteRule (^|/)\.(?!well-known\/) index.php [L]
 
-# block text files in the content folder from being accessed directly
-RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]
+# block all files in the content folder from being accessed directly
+RewriteRule ^content/(.*) index.php [L]
 
 # block all files in the site folder from being accessed directly
-# except for requests to plugin assets files
 RewriteRule ^site/(.*) index.php [L]
 
-# Enable authentication header
-SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
-
-# block direct access to kirby and the panel sources
+# block direct access to Kirby and the Panel sources
 RewriteRule ^kirby/(.*) index.php [L]
 
 # make site links work
@@ -58,6 +55,9 @@ RewriteRule ^(.*) index.php [L]
 
 </IfModule>
 
+# Enable authentication header
+SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
 # MIME types
 <IfModule mod_mime.c>
 AddType application/pgp-keys asc