Every organization that has ever suffered a catastrophic WordPress failure believed, right up until the moment it happened, that everything was fine.
The database was "fast enough." The backups were "probably working." The security was "handled by the hosting provider." The deployment process was "whatever Dave does."
Hope is not a strategy. Assumptions are not architecture.
An infrastructure audit exists to replace what you believe about your systems with what you know. It is the difference between a pilot who checks instruments before takeoff and one who just starts the engine and hopes for the best.
The audit does not fix anything. It tells you the truth. What you do with it determines whether you are serious about your infrastructure or just performing seriousness.