How can .htaccess be used to block bad bots from accessing PHP files on a server?

Bad bots can be blocked from accessing PHP files on a server by using the .htaccess file to deny access based on user-agent strings commonly associated with malicious bots. By specifying these user-agent strings in the .htaccess file, requests from these bots can be blocked before they reach the PHP files on the server. ``` # Block bad bots from accessing PHP files <FilesMatch "\.php$"> SetEnvIfNoCase User-Agent "badbot1" bad_bot SetEnvIfNoCase User-Agent "badbot2" bad_bot Order allow,deny Deny from env=bad_bot </FilesMatch> ```