After some banging around in mod_rewrite, I sorted out how to prevent prying fingers from directly executing PHP modules that are contained within the wp-content and wp-includes directories. With few exceptions, PHP modules in these directories should not be directly access by a browser client.