closes #193 - block access to files that show WordPress version

inc/h5bp-htaccess

@@ -6,6 +6,9 @@
 ### This contains the HTML5 Boilerplate .htaccess that can be found at:
 ###  github.com/h5bp/html5-boilerplate/blob/master/.htaccess
 ###
+### Added:
+###  Block access to access to WordPress files that reveal version information.
+###
 ### Commented out by default:
 ###  Expires headers:      Use WP Super Cache or W3 Total Cache (unless using the H5BP build script)
 ###  ETag removal:         Use WP Super Cache or W3 Total Cache (unless using the H5BP build script)
@@ -494,6 +497,14 @@ AddCharset utf-8 .css .js .xml .json .rss .atom
 </FilesMatch>
 
 
+# Block access to WordPress files that reveal version information.
+<FilesMatch "^(wp-config\.php|readme\.html|license\.txt)">
+  Order allow,deny
+  Deny from all
+  Satisfy All
+</FilesMatch>
+
+
 # If your server is not already configured as such, the following directive
 # should be uncommented in order to set PHP's register_globals option to OFF.
 # This closes a major security hole that is abused by most XSS (cross-site