I am slowly trying to beef up security measures to my site, as I load products.
I'd like to be able to block general hack attempts. I've already changed the name of my admin folder, and now I want to do the following (from a tutorial):
-------
This should go in the .htaccess file located in the root of your Zen Cart site folder, i.e. the same folder in which you find ipn_main_handler.php and index.php and page_not_found.php.
# redirects any URL that includes: record_company.php/password_forgotten.php
RedirectMatch Permanent ^/(.*[record_company.php]+)/(password_forgotten.php)$ /page_not_found.php
# redirects any URL that includes: /images/wp- with 'wp-' being anything that ends with '.php'
# this allows for images named such as 'wp-header.jpg' to work
RedirectMatch Permanent ^/(.*[images]+)/(wp-.*\.php)$ /page_not_found.php
NOTE: If your store's files are located in another folder, add that folder in the /page_not_found.php (both places)
---------------
Simple. I copy the code, paste it in my .htaccess file (the one located in my root directory, as described).
Only 1 problem. There is NO .htaccess file in the root directory where the other two specified files are located. The tutorial says to add to the .htaccess file located there; not create one. So, why the apparent error?
Also, if I plan to upgrade to 1.3.9, is this a moot point, since all the security patches should already be there, or is this a separate enhancement?
Comments?
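
Added example, not part of the original post or the tutorial: a Python check of which request paths the two quoted RedirectMatch patterns actually match. The bracketed parts such as `[images]+` are character classes, so they match any run of those letters rather than the literal folder name; the LITERAL patterns and the sample paths are constructed here, and Python's `re` is assumed to treat these patterns the same way Apache's regex engine does.

```python
import re

# Patterns copied from the tutorial quoted in the post.
TUTORIAL = {
    "password_forgotten": r"^/(.*[record_company.php]+)/(password_forgotten.php)$",
    "images_wp": r"^/(.*[images]+)/(wp-.*\.php)$",
}

# Assumed tightened forms (not from the tutorial): literal names, escaped dots.
LITERAL = {
    "password_forgotten": r"^/(.*record_company\.php)/(password_forgotten\.php)$",
    "images_wp": r"^/(.*images)/(wp-.*\.php)$",
}

# Constructed sample request paths (URL-path only, as RedirectMatch sees it).
SAMPLES = [
    "/admin/record_company.php/password_forgotten.php",  # probe named in the tutorial
    "/images/wp-login.php",                              # probe named in the tutorial
    "/images/wp-header.jpg",                             # legitimate image, must pass
    "/docs/wp-notes.php",                                # not under images/
    "/shop/password_forgotten.php",                      # no record_company.php segment
    "/index.php",                                        # normal storefront request
]


def redirected(rules, path):
    """Return the names of the rules whose pattern matches this path."""
    return sorted(name for name, rx in rules.items() if re.search(rx, path))


def compare(paths=SAMPLES):
    """Map each path to (rules hit with tutorial patterns, rules hit with literal ones)."""
    return {p: (redirected(TUTORIAL, p), redirected(LITERAL, p)) for p in paths}


if __name__ == "__main__":
    for path, (tut, lit) in compare().items():
        print(f"{path:52} tutorial={tut} literal={lit}")
```

Both forms redirect the two probe URLs and leave `wp-header.jpg` alone; only the bracketed form also redirects `/docs/wp-notes.php` and `/shop/password_forgotten.php`.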



