htaccess hardeing for WordPress website

.htaccess

<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
  Header always append X-Frame-Options SAMEORIGIN
  Header set X-Content-Type-Options: "nosniff”
  #Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  Header always edit Set-Cookie (.*) "$1; HTTPOnly"
  Header always edit Set-Cookie (.*) "$1; Secure"
</IfModule>

#from: http://codex.wordpress.org/Hardening_WordPress
<files wp-config.php>
order allow,deny
deny from all
</files>
#end: from http://codex.wordpress.org/Hardening_WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

#block requests to xmlrpc.php file
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

#from: http://codex.wordpress.org/Hardening_WordPress
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
#end: from http://codex.wordpress.org/Hardening_WordPress

</IfModule>
# Thanks to https://gist.github.com/jel3/9333e55694fc13a321bc

#Disable Indexing
Options -Indexes 
#To unset Etags
Header unset Pragma
FileETag None
Header unset ETag 
ServerSignature Off
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress