One of the most important things you can make is to protect your .htaccess file along with your error logs, wp-config.php and php.ini files. Once you make the following change, attempts to access these files are denied.
Deny from all
Be sure to check your files and see if you have one named php.ini because you may not. Instead, you may have one called php5.ini. If this is the case, replace php.ini with php5.ini in the above rule.