I'm not an expert, and I do not know if that's exactly the answer you want, but I'll give you some tips on what I've seen.
First of all in% of your site
disable directories so that they do not appear in search engines, see example: (directory names will depend on what you have in root)
User-agent: *
Disallow: /administrator/
Disallow: /administrator
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /logs/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Then create a index.html blank file at the root of each of these directories , so if someone tries to get in directly through the folder path it will fall on a page in white ...
<!DOCTYPE html>
<html lang="en">
<head>
<title>Document</title>
</head>
<body></body>
</html>
And finally, try to "masquerade" that you are using WordPress, remove or rename the codes you have written Wordpress, such as robots.txt
in <meta name="generator" content="WordPress.com" />
your company.