This linux shell script can be used to insert .htaccess files with protective antihack code into wp-content and wp-includes folders located in /home/*/public_html recursivelly. Script copies new file only if file with that content do not exist or dont have that content.

script can be inserted in an /etc/cron.*** folder and made executable (chmod 700 scriptname) to run regularly

This script is made to work on WHM/cpanel server

Code:
echo "Script to create protective .htaccess files in wp-content and wp-includes in all accounts in /home/*/public-html
Script wont overwrite existing if they contains protection rule"


[email protected]
timestart=$(date)


# empty temporary files
>/tmp/wordpress_paths_wpcontent
>/tmp/wordpress_paths_wpincludes


####### HTACCESS CODES ########


# htaccess code into wp-includes
echo "RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]" > /tmp/.htaccess


# htaccess code into wp-content
echo "# protect hosting account from directly executing htm* php* and js files


<Files *.php*>
Deny from All
</Files>


<Files *.js>
Deny from All
</Files>


<Files *.htm*>
Deny from All
</Files>


# Disallow listing files in this folder & subfolders


Options All -Indexes" > /root/.htaccess


########






for username in $(ls -A1 /var/cpanel/users/ | grep -v system); do


>/tmp/wordpress_paths_wpcontent
nice -n 19 find /home/$username/public_html -type d -name "wp-content" >> /tmp/wordpress_paths_wpcontent


for wppath in $(cat /tmp/wordpress_paths_wpcontent);do
htalookup=$(cat $wppath/.htaccess | grep "<Files" > /dev/null 2>&1)
if [[ "$htalookup" != *"<Files"* ]];then
chown $username:$username /root/.htaccess
cp -rp /root/.htaccess $wppath
fi
done


>/tmp/wordpress_paths_wpincludes
nice -n 19 find /home/$username/public_html -type d -name "wp-includes" >> /tmp/wordpress_paths_wpincludes


for wppath in $(cat /tmp/wordpress_paths_wpincludes);do
htalookup=$(cat $wppath/.htaccess | grep "RewriteRule" > /dev/null 2>&1)
if [[ "$htalookup" != *"RewriteRule"* ]];then
chown $username:$username /tmp/.htaccess
cp -rp /tmp/.htaccess $wppath
fi
done


done


dateend=$(date)
echo "$(hostname) script to copy htaccesses to wordpress folders. Runtime to see how often i can run it:
START: $datastart
ENDDD: $dataend
This mailing can be stopped by commenting out mailing line in the script by placing # at the line beginning." | mail -s "wordpress-htaccess-copier script" $adminmail


it worked for me, but you are using this on your risk. i dont guarantee anything

PS: if anyone want me to modiffy this script, i can do this for like $10 fee, or advice here in this topic