This linux shell script can be used to insert .htaccess files with protective antihack code into wp-content and wp-includes folders located in /home/*/public_html recursivelly. Script copies new file only if file with that content do not exist or dont have that content.
script can be inserted in an /etc/cron.*** folder and made executable (chmod 700 scriptname) to run regularly
This script is made to work on WHM/cpanel server
Code:
echo "Script to create protective .htaccess files in wp-content and wp-includes in all accounts in /home/*/public-html
Script wont overwrite existing if they contains protection rule"
[email protected]
timestart=$(date)
# empty temporary files
>/tmp/wordpress_paths_wpcontent
>/tmp/wordpress_paths_wpincludes
####### HTACCESS CODES ########
# htaccess code into wp-includes
echo "RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]" > /tmp/.htaccess
# htaccess code into wp-content
echo "# protect hosting account from directly executing htm* php* and js files
<Files *.php*>
Deny from All
</Files>
<Files *.js>
Deny from All
</Files>
<Files *.htm*>
Deny from All
</Files>
# Disallow listing files in this folder & subfolders
Options All -Indexes" > /root/.htaccess
########
for username in $(ls -A1 /var/cpanel/users/ | grep -v system); do
>/tmp/wordpress_paths_wpcontent
nice -n 19 find /home/$username/public_html -type d -name "wp-content" >> /tmp/wordpress_paths_wpcontent
for wppath in $(cat /tmp/wordpress_paths_wpcontent);do
htalookup=$(cat $wppath/.htaccess | grep "<Files" > /dev/null 2>&1)
if [[ "$htalookup" != *"<Files"* ]];then
chown $username:$username /root/.htaccess
cp -rp /root/.htaccess $wppath
fi
done
>/tmp/wordpress_paths_wpincludes
nice -n 19 find /home/$username/public_html -type d -name "wp-includes" >> /tmp/wordpress_paths_wpincludes
for wppath in $(cat /tmp/wordpress_paths_wpincludes);do
htalookup=$(cat $wppath/.htaccess | grep "RewriteRule" > /dev/null 2>&1)
if [[ "$htalookup" != *"RewriteRule"* ]];then
chown $username:$username /tmp/.htaccess
cp -rp /tmp/.htaccess $wppath
fi
done
done
dateend=$(date)
echo "$(hostname) script to copy htaccesses to wordpress folders. Runtime to see how often i can run it:
START: $datastart
ENDDD: $dataend
This mailing can be stopped by commenting out mailing line in the script by placing # at the line beginning." | mail -s "wordpress-htaccess-copier script" $adminmail
it worked for me, but you are using this on your risk. i dont guarantee anything
PS: if anyone want me to modiffy this script, i can do this for like $10 fee, or advice here in this topic
Bookmarks