wordpress security

Hi there.  i am trying to secure down my wordpress site.  In my .htaccess file I have:

# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# disable the server signature
ServerSignature Off

# limit file uploads to 100mb
LimitRequestBody 102400000

#who has access and who doesnt
#<Limit GET POST PUT>
#order allow,deny
#allow from all
#deny from xx.xx.xx.xx
#</LIMIT>

# Allow only my IP adress on the wp-admin directory
#AuthUserFile /dev/null
#AuthGroupFile /dev/null
#AuthName "Example Access Control"
#AuthType Basic
#<LIMIT GET>
#order deny,allow
#deny from all
#allow from xx.xx.xx.xx
#</LIMIT>

# disable/prevent directory browsing
#Options All –Indexes

#RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.domain.com/$4
#RewriteRule ^category/(.+)$ http://www.domain.com/$1 [R=301,L]

# temp redirect wordpress content feeds to feedburner
#<IfModule mod_rewrite.c>
#RewriteEngine on
#RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]
#RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
#RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds2.feedburner.com/catswhocode [R=302,NC,L]
#</IfModule>

#block referring domains
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} digg.com [NC]
#RewriteRule .* – [F]

#RewriteEngine On
#Replace ?mysite.com/ with your blog url
#RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC]
#RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
#RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

# set the canonical url
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^http://yourdomain.com$ [NC]
#RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

# protect from spam or post comments
#RewriteEngine On
#RewriteCond %{REQUEST_METHOD} POST
#RewriteCond %{REQUEST_URI} .wp-comments-post.php*
#RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^$

#RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

# protect maintenance page
#RewriteEngine on
#RewriteCond %{REQUEST_URI} !/maintenance.html$
#RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.xx
#RewriteRule $ /maintenance.html [R=302,L]

# Set the Time Zone of the Server
SetEnv TZ America/Denver

# Compress static data
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

# Forcing the use of browser cache
FileETag MTime Size
<ifmodule mod_expires.c>
<filesmatch ".(jpg|gif|png|css|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
</filesmatch>
</ifmodule>

# Protect WordPress Blog From Script Injections 
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Select allOpen in new window

In my wp-config.php file I have:

define('DISALLOW_FILE_EDIT',true);
define('DISALLOW_FILE_MODS',true);
define('FS_METHOD', 'ftpext');

Select allOpen in new window

I've commented out most things in the .htaccess file because I'm sure if I need them.  Please let me know.  Or if you know of a good plugin that will generate a safe .htaccess file for my site.  Thanks!