Most common things you need to follow will be:
1. Adding cloudflare for your domains which will protect your domains from Unwanted Traffic/Attack/Bot Access
2. Add robots.txt to understand Search engines to crawl your sites.There are lot of Crawl bots which will give unwanted traffic to your websites which will also cause Overloading on servers like (EP hits)
So create an robots.txt file under your public_html and place the below code :
User-Agent: *
Disallow: /User-Agent: Googlebot
Allow: /
If you want to add any other search engines to crawl your site you can add it in the above code
Follow the Above steps for all your domains which is an recommended thing !
For WordPress Users kindly change the File permission of 2 files under your WordPress root wp-cron.php and xmlrpc.php to Permission 000
You can change it from your cPanel > Filemanager As these 2 files will cause overloading on servers by giving unwanted traffic
Add Heart Beat Plugin to control the admin-ajax.php Once installed WP Admin > Settings > Heartbeat Control > Disable the heartbeat for All 3 Options and click save
Add loginizer which will protect your sites from WP Login attacks (These attacks on most common your websites will be facing daily) So its best way to change your WP Admin portal URL (VERY RECOMMENDED)
Keep your WP Core,Plugins,Themes Up to date
Remove any Un-used themes or plugins
Don’t use Jetpack Plugin as it will Eat the Resource