diff --git a/.htaccess b/.htaccess index d2dbe3a..db5e0e0 100644 --- a/.htaccess +++ b/.htaccess @@ -150,6 +150,14 @@ Options -Indexes RewriteEngine On + # Block known scanner IPs + RewriteCond %{REMOTE_ADDR} ^(20\.63\.96\.50|4\.193\.248\.52)$ + RewriteRule ^ - [F,L] + + # Block requests for PHP files that don't exist (webshell scanners) + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule \.php$ - [F,L] + # Skip already processed .php files RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^services/.*\.php$ - [L]
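Review bot: The `!-f` rule returns 403 for every `.php` URL with no file behind it, and because it runs ahead of the remaining rewrite rules it will also reject any virtual `.php` route that a later rule (not visible in this hunk) hands to a front controller. Confirm none exist, or exempt them with a preceding `RewriteCond %{REQUEST_URI} !^/<virtual-route-prefix>/` (placeholder path). The IP rule matches on `%{REMOTE_ADDR}`, which behind a CDN or reverse proxy is the proxy's address unless mod_remoteip is configured, so it may never fire. Two hard-coded addresses also go stale, so the comment should record where they came from, e.g. `# Scanner IPs seen in access logs on <DATE>; review and prune periodically`. Neither rule touches a webshell that already exists on disk, so disabling PHP execution in writable or upload directories is still needed. Separately, `[F]` already implies `[L]`, so `[F]` alone is sufficient.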