A well configured server will not need much tweaking. As you can see in my htaccess file, it is just the default that comes with Joomla, save for the 2nd and 3rd lines, which basically redirect mydomain.com to www.mydomain.com (Visitors will always end up on www.mydomain.com regardless of whether or not they type in www).
The second block is for SEF and the last block is the basic security directives that come default with Joomla:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.mydomain\.com$ [NC]
RewriteRule (.*) http://www.mydomain.com/$1 [R=301,L]

# SEF: requests that are not an existing file or directory go to index.php
RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR]
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php

# Security: answer 403 Forbidden when the query string matches any condition
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

I have my own server so all the measures suggested by the Joomla security experts are implemented server wide, and not on a site by site basis with htaccess.
In my first experience with Joomla back in 06, I was on a shared server and promptly had four websites hacked. It was a server security issue as, along with my four, over 40 other Joomla sites on the same server were compromised, all within a span of two days. I dropped the host like a hot potato and got my own VPS, which gets between 10 and 400 probes a day from script kiddies but has stood strong for over a year.
Moral of the story... shared hosting sucks.
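
An added example, not part of the original post and not Joomla's own code: a log audit that applies the five QUERY_STRING conditions from the last block above to access-log lines and flags requests that match a deny condition but were not answered with 403, which indicates the block is not active for that site. The log lines, the `LOG_RE` format and the function names are constructed for illustration.

```python
import re

# The five RewriteCond patterns from the post's last block; only the
# <script> condition carries [NC] (case-insensitive).
RULES = [
    ("mosConfig", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.I)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

# Assumed log layout: common/combined format request and status fields.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def matching_rule(query_string):
    """Return the name of the first condition that matches, else None.
    mod_rewrite tests the raw (not URL-decoded) query string, unanchored,
    which is why the rules spell out %3C / %3D alongside < and =."""
    for name, rx in RULES:
        if rx.search(query_string):
            return name
    return None

def audit(log_lines):
    """Yield (path, status, rule) for each request a deny condition matches."""
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a request line in the assumed format
        target, status = m.group(1), int(m.group(2))
        path, _, query = target.partition("?")
        rule = matching_rule(query)
        if rule:
            yield path, status, rule

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2008:10:00:00 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2008:10:00:05 +0000] "GET /index.php?mosConfig_absolute_path=x HTTP/1.1" 403 210',
    '203.0.113.9 - - [01/Jan/2008:10:00:06 +0000] "GET /index.php?q=%3CScRiPt%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2008:10:00:07 +0000] "GET /index.php?GLOBALS[x]=1 HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    for path, status, rule in audit(SAMPLE_LOG):
        note = "" if status == 403 else "  <-- matched a deny rule but was served"
        print(f"{path} status={status} rule={rule}{note}")
```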