We have a WordPress protocol that we enact with cyber security clients, the hosting clients who buy into the full support package and it comes as part of the “Be the Best Consultant You Can website package“. It is needed as WordPress sites are very prolific and so they are a “target rich environment” for the threat actors out there
This article on The Register briefly looks at the anatomy of a WordPress site attack that injects JavaScript into a site to redirect visitors to a malicious web site.
Why miscreants inject JS into compromised WordPress sites • The Register