Security
Block requests to non-existent Wordpress
Did you ever take a look at the log files of your web applications and see something like this? ... POST /wordpress/wp-login.php ... ... GET /wp-content/.env ... ... GET /?rest_route=/wp/v2/users/ ... ... GET /wp-content/plugins/fix/up.php ... ... GET /wp-login.php ... Some of these might be normal if you had