Kill PHP Execution

I have mentioned it before and this is by far the most effective hardening you can apply that will really do something for you:

#PROTECT [Directory Name]
<Files *.php>
Order Allow,Deny
Deny from all
</Files>

This ensures that PHP files cannot be executed from within that directory. Do note that it could break your theme or plugin, so you’ll want to use it sparingly, but at minimum try using it in your wp-includes and uploads directories.
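
To confirm the rule is actually in place, here is a small audit script, added as an example and not part of the original post, that checks whether the .htaccess in each of the two directories named above denies requests for PHP files. The function names are hypothetical, the wp-content/uploads path assumes a default WordPress layout, and the check goes slightly beyond the post by also accepting the Apache 2.4 form (Require all denied).

```python
import re
import sys
from pathlib import Path

# Assumption: default WordPress layout for the two directories the post names.
TARGETS = ("wp-includes", "wp-content/uploads")

COMMENT = re.compile(r"^\s*#.*$", re.M)
FILES_BLOCK = re.compile(
    r"<Files(?:Match)?\s+([^>]+)>(.*?)</Files(?:Match)?>", re.I | re.S)
# Apache 2.2 style (as in the post) or the Apache 2.4 equivalent.
DENY = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)
# "Order Allow, Deny" with a space is two arguments; Apache rejects the file.
BAD_ORDER = re.compile(r"^\s*Order\s+\w+,\s+\w+", re.I | re.M)

# Constructed sample in the form the post describes.
SAMPLE = "#PROTECT uploads\n<Files *.php>\nOrder Allow,Deny\nDeny from all\n</Files>\n"


def php_denied(htaccess_text):
    """Return (ok, reason) for the contents of one .htaccess file."""
    text = COMMENT.sub("", htaccess_text)  # ignore commented-out rules
    if BAD_ORDER.search(text):
        return False, "space inside Order argument"
    for pattern, body in FILES_BLOCK.findall(text):
        if "php" in pattern.lower() and DENY.search(body):
            return True, "PHP requests denied"
    return False, "no <Files> block denying PHP"


def audit(wp_root):
    """Check each target directory under wp_root; return {dir: (ok, reason)}."""
    results = {}
    for rel in TARGETS:
        path = Path(wp_root) / rel / ".htaccess"
        if path.is_file():
            results[rel] = php_denied(path.read_text(errors="replace"))
        else:
            results[rel] = (False, "no .htaccess")
    return results


if __name__ == "__main__":
    print("sample:", php_denied(SAMPLE))
    for rel, (ok, reason) in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{'OK  ' if ok else 'FAIL'} {rel}: {reason}")
```

Run it with the WordPress root as the only argument; a FAIL line names the directory that still needs the rule.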