Stop Unwanted Bots with .htaccess file

I am running a shared install of wordpress. When i look at my stats i see the following

identified by 'bot' followed by a space or one of the following characters _+:,.;/\-)

I do have separated entries for google bot and bing Bot in my stats

I have the following code in my .htaccess file after all the wordpress related code.

# BLOCK BAD BOTS
<IfModule mod_setenvif.c>
Options +FollowSymlinks
RewriteEngine On
RewriteBase /  

 SetEnvIfNoCase User-Agent "^$" keep_out
 SetEnvIfNoCase User-Agent ^$ keep_out
 SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot)   keep_out
 SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
 SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid)   keep_out
 SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder) keep_out
 SetEnvIfNoCase User-Agent (scanner|crawl|robot|spider) keep_out
 <Limit GET POST PUT>
  Order Allow,Deny
  Allow from all
  Deny from env=keep_out
 </Limit>
</IfModule>

RewriteCond %{HTTP_REFERER} ^-?$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^bot [OR,NC]
RewriteCond %{HTTP_USER_AGENT} bot[\ _+:,.;/\\-] [OR,NC]
RewriteCond %{REQUEST_METHOD} !^HEAD$ [OR,NC]
RewriteCond %{REQUEST_URI} !^/robots\.txt [NC]
RewriteRule .* - [F,L]

NOTE I have put the code at the end of all the wordpress related code in the .htaccess file.

But i am still getting hit by some bot named “bot“

I have the following question:

Should i put the blocking code before any other code in the .htaccess file?

How can i stop a bot that starts with the name “bot” i already have the following and it doesn’t work

RewriteCond %{HTTP_USER_AGENT} bot[\ _+:,.;/\\-] [OR,NC]

Any other related articles ans suggestions will be helpful.

Thanks