That’s the entire thing that goes in the .htaccess file, just the two lines.
The first line enables Apache’s “RewriteEngine” if it’s not already on. The second looks for filenames ending in “.php~”, and if it finds a match, makes Apache return a “403 forbidden” error immediately.
I did test the rule before posting it, and it does work on our Apache 2.2 servers, at least. No guarantees beyond that!
