The top entry is good. It is probably from your Sucuri plugin if you or your security guy didn’t put it there yourself. I also am recovering from a hack. Mine has the same entry plus one more. I found your post trying to answer the same question for myself.
* Don’t forget to check your file permissions!
<Files *.php>
deny from all
</Files>
<Files wp-tinymce.php>
allow from all
</Files>
<Files ms-files.php>
allow from all
</Files>
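
For anyone comparing their own file against the block above, here is an added example (not part of the original post and not Sucuri's code) that parses an .htaccess and lists any per-file exception other than the two shown in the post. The allowlist, the function name and the sample file name cache-tmp.php are assumptions made for illustration.

```python
import re

# Assumption: the only per-file exceptions expected are the two shown in the post.
EXPECTED_ALLOW = {"wp-tinymce.php", "ms-files.php"}

# Matches <Files name> ... </Files> and <FilesMatch "regex"> ... </FilesMatch>.
BLOCK_RE = re.compile(
    r"<Files(Match)?\s+\"?([^\">]+)\"?\s*>(.*?)</Files(?:Match)?>",
    re.IGNORECASE | re.DOTALL,
)
# Apache 2.2 syntax as in the post, plus the Apache 2.4 spelling of the same rule.
ALLOW_RE = re.compile(r"^\s*(allow\s+from\s+all|require\s+all\s+granted)\s*$", re.I | re.M)
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)


def audit_htaccess(text):
    """Return (php_denied, unexpected).

    php_denied: True if a <Files *.php> block denies all access.
    unexpected: patterns of blocks that grant access but are not in EXPECTED_ALLOW.
    """
    # Ignore comment lines so a commented-out rule is not counted.
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    php_denied = False
    unexpected = []
    for m in BLOCK_RE.finditer(text):
        is_match, pattern, body = m.group(1), m.group(2).strip(), m.group(3)
        if not is_match and pattern.lower() == "*.php" and DENY_RE.search(body):
            php_denied = True
        if ALLOW_RE.search(body) and pattern not in EXPECTED_ALLOW:
            unexpected.append(pattern)
    return php_denied, unexpected


# The block from the post, reproduced as test input.
SAMPLE_FROM_POST = """<Files *.php>
deny from all
</Files>
<Files wp-tinymce.php>
allow from all
</Files>
<Files ms-files.php>
allow from all
</Files>
"""
# Constructed sample: same block plus one extra exception (made-up file name).
SAMPLE_WITH_EXTRA = SAMPLE_FROM_POST + "<Files cache-tmp.php>\nallow from all\n</Files>\n"

if __name__ == "__main__":
    for name, sample in (("post", SAMPLE_FROM_POST), ("extra", SAMPLE_WITH_EXTRA)):
        print(name, audit_htaccess(sample))
```

An entry reported as unexpected is only one that differs from the block above; whether it belongs there still has to be checked against what you or your plugins added.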