I think have mentioned it several times on similar topics, it all starts with a proper hosting and with what it provides you. Of course the site should also follow some basic rules such as updates, maintenance core etc. Having a hosting company we maintain a large volume of customers with to much plugins and themes that is not update.
Although our servers are shared hosting we do not leave it to the mercy of God. of course we have doubled the cost for custom or premium systems that a server could have for such or similar reasons, but it is preferable for us.
I can certainly not say that it is 100% safe or that our wall is impassable, but so far we have blocked a large volume. The biggest problem we face, is that in mail they use passwords "123456" with the result that it falls victim to spam and we have problems such as with blacklists, etc.... Yes, unfortunately we are dealing with such ridiculous issues.
Now, in terms of the issues you are facing, are you sure that you have found the causes? I did not understand and I apologize for that, if you are talking about for clues or proofs?
PS: plugins as mentioned in the above posts "wp hide" and other similar, if you use a simple site then you will not have a problem with these plugins, but if you have a complex site, then these plugins may make life difficult. But it is definitely a solution.