Name: Protect wp-content
Version: 1.2
Description: Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes
Rules: 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ %relative_root%wp-content/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} !^.+(flexible-upload-wp25js|media)\.php$
RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$
RewriteRule .* - [F,NS,L]