Kill PHP Execution
I have mentioned it before and this is by far the most effective hardening you can apply that will really do something for you:
#PROTECT [Directory Name]
<Files *.php>
Order Allow,Deny
Deny from all
</Files>
This ensures that PHP files cannot be executed from within a directory. Do note that it could break your theme or plugin, so you'll want to use it sparingly, but at minimum try using it in your wp-includes and uploads directories.
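To check which of those directories already carry the rule, here is an added example that is not part of the original post. It assumes the rule lives in a per-directory .htaccess file in a standard WordPress layout (wp-includes, wp-content/uploads); the function names are hypothetical, and the Apache 2.4 form `Require all denied` is accepted as equivalent to `Deny from all`.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the "kill PHP execution" block.
# Assumed layout: <root>/wp-includes and <root>/wp-content/uploads.

# Return 0 if DIR/.htaccess has a <Files>/<FilesMatch> block that targets
# PHP files and denies access inside that block; return 1 otherwise.
php_exec_blocked() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }                                  # ignore comments
        line ~ /^[ \t]*<files(match)?[ \t].*php/ { inblk = 1; next } # block opens
        line ~ /^[ \t]*<\/files/ { inblk = 0; next }                # block closes
        inblk && (line ~ /deny[ \t]+from[ \t]+all/ ||
                  line ~ /require[ \t]+all[ \t]+denied/) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1/.htaccess"
}

# Print one status line per directory, list PHP files found under uploads,
# and return the number of directories that lack the block.
audit_wp() {
    root=$1
    missing=0
    for d in wp-includes wp-content/uploads; do
        [ -d "$root/$d" ] || continue
        if php_exec_blocked "$root/$d"; then
            echo "OK       $d"
        else
            echo "MISSING  $d"
            missing=$((missing + 1))
        fi
    done
    # Media uploads should not contain code, so any PHP file here needs review.
    find "$root/wp-content/uploads" -type f -name '*.[pP][hH][pP]' 2>/dev/null |
        sed 's/^/REVIEW   /'
    return "$missing"
}

# Usage: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp "$1"
fi
```

A bare `Deny from all` outside a `<Files *.php>` block is reported as MISSING, because it blocks every file in the directory rather than only PHP.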