Why would you want to protect them all? Not all of them need protecting, in my humble opinion.
In any event, these are good to have in your .htaccess
file:
1: restrict access to wp-config.php
<Files wp-config.php>
order allow, deny
deny from all
</Files>
2: restrict access to .htaccess
itself
<Files .htaccess>
order allow,deny
deny from all
</Files>
3: put password protection on your wp-login.php
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Who are you?"
AuthUserFile "/path/to/passwd"
require valid-user
</FilesMatch>