Hey Lwangaman,
Your post is a little long in the tooth but thought i'd reply anyway.
Copy / pasting into the .htaccess file straight from the plugin dashboard doesn't work. You need to clean it up a bit.
I copy/paste into Notepad++ (or similar) first and eyeball it for missing spaces or other weird characters. Remove the double spacing too as that's painful.
In the end there's usually a line or two that butt up against each other which become a bit more obvious in a colour coded text editor.
The block i have in my htaccess (using latest version of ithemes security) looks like this:
# Rules to disable directory browsing
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
# Rules to protect wp-includes
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# Rules to prevent php execution in uploads
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
# Rules to block unneeded HTTP methods
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F]
# Rules to help reduce spam
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^(.*).*
RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ - [F]
</IfModule>Slightly different, but it works for me.
