Check that you have the latest version of WordPress.
Check that automatic updates are turned on.
Check that you have the latest version of all plugins.
Check that you have strong passwords.
Check that you have 2-factor authentication (2FA) enabled.
Check that you have a plugin to protect you from brute force password attacks.
Check that, if you’re using passwords to log in, your login form is HTTPS only.
Check that there’s no account named admin for your site.
Check that you are not developing over an insecure channel (like FTP).
Check that the folders in your WordPress installation have the correct permissions.
Check that the files in your WordPress installation have the correct permissions.
Check that your separate WordPress sites use separate databases.
Check that your database is not using the default wp_ table prefix.
Check that your database user has the minimum necessary set of permissions.
Check that your wp-config.php file is protected.
Check that your wp-includes folder is protected.
Check that you have a secure .htaccess file.
Check that file editing from the dashboard is disabled.
Change your domain listing to private, if customers want to find out more about you and your company, create an information page for them.