Channel: Attack against wp-config.php~ (with a tilde) | WordPress.org

Reply To: Attack against wp-config.php~ (with a tilde)


You should wrap that in a module check.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule \.php~$ - [F,L]
</IfModule>

And place it above the WordPress rules in the htaccess file, but of course it would make more sense to use an editor that doesn’t place backups with odd extensions onto the server.

If this is a legitimate problem, the host should impose the restriction already.

You could also expand the matching, just in case some sneaky fella finds a way to use something other than a tilde.

RewriteRule \.php([^\?]+)$ - [F,L]

Anything not a question mark, after the extension, question marks are obviously expected for query strings.
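
To see what each of the two rules above actually forbids, the following added example (not part of the original reply) runs both patterns over a set of constructed request URLs. It assumes the rules sit in the site-root .htaccess, where a RewriteRule pattern is matched against the decoded URL path without its leading slash and without the query string; the helper names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# The two patterns from the reply above, exactly as posted.
TILDE_ONLY = re.compile(r"\.php~$")
ANY_SUFFIX = re.compile(r"\.php([^\?]+)$")

def htaccess_subject(url):
    """Approximate the string a RewriteRule in the site-root .htaccess sees:
    the decoded URL path, minus the leading slash and minus the query string."""
    return unquote(urlsplit(url).path).lstrip("/")

def classify(url):
    """Return (blocked_by_tilde_rule, blocked_by_expanded_rule) for one URL."""
    subject = htaccess_subject(url)
    return (bool(TILDE_ONLY.search(subject)), bool(ANY_SUFFIX.search(subject)))

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/wp-config.php",             # the real file, executed by PHP as usual
    "/wp-config.php?debug=1",     # query string is never part of the subject
    "/wp-config.php~",            # editor backup with a tilde
    "/wp-config.php.bak",         # backup with an appended extension
    "/.wp-config.php.swp",        # editor swap file
    "/wp-config.bak",             # backup that replaces the extension
    "/index.php/2024/05/hello/",  # PATH_INFO-style permalink
]

def report(urls=SAMPLES):
    """Map each URL to its (tilde_rule, expanded_rule) verdict."""
    return {u: classify(u) for u in urls}

if __name__ == "__main__":
    for url, (tilde, expanded) in report().items():
        t = "403" if tilde else "pass"
        e = "403" if expanded else "pass"
        print(f"{url:28} tilde-rule={t:5} expanded-rule={e}")
```

The output shows two things worth checking before deploying the expanded rule: it also forbids PATH_INFO-style permalinks such as /index.php/2024/05/hello/, and neither rule covers a backup whose name no longer contains .php, such as wp-config.bak.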

