Lock attacks by adding IP deny to htaccess when specific 404 page request

Hi,

I have some intrusion atempts on my blog that ends by 404 http status.

So i built a script that cacth the requested url and then it checks if there is a chain corresponding to “/wp-includes/” or “/wp-content/” in it.

Finally it adds a “deny the client IP line” in htaccess when this happend to be true.

All is good when typing an url in browser in this case.

But I need this script to be on a lower level, before template loadings, even before the server sends the HTTP status header 404 code to the client.

Is there way to do that whitout having wordpress updates erasing the hack. Maybe with templates functions ?

I’ve seen these functions that looks intersting :
/wp-includes/class-wp-http-response.php/

I’m not a strong developer and english is not my first language,
Thanks for your help, and sorry if i wrote mis-spelings,