如何防止我的wordpress从另一个ip请求jquery？

My wordpress is infected by malware. I found malicious code attached right after jquery codes in every js file.

Also I found multiple requests being made to unknown host/ip. I'm unable to find which script makes this call.

So I'm thinking to block any request to third party domain or IP via htaccess. But it doesn't seem to work.

Please advice the correct way to write this.

path to .htaccess file:

public_html\.htaccess

The content if it (before changes):

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

I tried:

attempt 1 //but I don't think this is relevant as it's meant for incoming requests

order allow,deny allow from all deny from 134.249.116.78

attempt 2

Deny from 134.249.116.78

This is how network tab looks like:

And the header like this:

You will need to do this at the Web Server level of your stack. In your case using Apache configuration.

Specifically, the important one for your question is:

Header always append X-Frame-Options SAMEORIGIN

Additionally for the issue of XSS

 Header set X-XSS-Protection “1; mode=block”

It should be noted that is not all that is necessary to lock down a server and that will not stop all XSS but it is a step towards a more secure server environment.