This should be every month. It’s not whether you will be hacked, it’s when.
Secure WordPress Hosting
Version controls
Hardening User Passwords (root&Admin)
Two-Factor Authentication
HTTPS – SSL Certificate
Hardening wp-config.php
Disable XML-RPC
Hide WordPress Version
HTTP Security Headers
WordPress Security Plugins
Data Security and Backups
Secure Connections
File and Server Permissions