# robots.txt for WordPress

User-agent: *
# Block admin and login areas
Disallow: /wp-admin/
Disallow: /wp-login.php

# Allow admin-ajax.php (needed for WP functionality like comments, forms)
Allow: /wp-admin/admin-ajax.php

# Block common sensitive or duplicate paths
Disallow: /cgi-bin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-json/

# Block internal search result pages (avoid thin/duplicate content in SERPs)
Disallow: /?s=
Disallow: /search/

# Optional: Block author archives if not needed (to prevent duplicate content)
Disallow: /author/

# Optional: Block tag pages if thin content
# Disallow: /tag/

# Sitemap reference (always include)
Sitemap: https://www.example.com/sitemap_index.xml