HostGator Default Wordpress htacess file

#1

I am a customer of Hostgator in a shared environment and are constantly getting smashed by malware.
I created a new wordpress site from their default installer and the htaccess file their system created doesn’t look right to me.
Given that all advice givejn to me so far is how bad a shared hosted environment is I am so suspect on everything at the moment.
The htaccess file is below any assistance would be greatly appreciated.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase //
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule . //index.php [L]
</IfModule>
# END WordPress
#2

The .htaccess is fine, it’s redirecting everything that isn’t a file, directory or one of the well .well-known paths required to set up an SSL certificate to index.php.

If you get hammered by malware it’s probably a vulnerability in wordpress core or one of plugins. Are you keeping all of those up to date?