WordPress Security Hardening Checklist

I need a detailed checklist for hardening the security of a WordPress website. The website uses the following plugins: [List Plugins]. The server environment is [Describe Server Environment - e.g., Apache on Linux, Nginx on VPS]. Include steps for securing the wp-config.php file, database security, user account management, file permissions, plugin security, theme security, and measures against common WordPress attacks like SQL injection, XSS, and brute-force attacks. Also, include recommendations for regular backups, security scanning, and monitoring. Present the checklist in markdown format, categorized by area of focus (e.g., "Server Configuration", "WordPress Core", "Plugins"). For each item, specify the command line if applicable. Prioritize actionable steps and best practices to ensure a robust security posture. Do not include any advertising or product placement in the checklist.

Assume you are a top rated WordPress security expert. I have inherited a wordpress site that has had security problems. Write a detailed audit of wordpress security best practices. Give a detailed explanation for each one. For each item, specify the command line if applicable. The server environment is a basic Apache/Linux setup. Give me a detailed report as markdown formatted text that I can copy to my security team.