I built into my CMS an automated scanner that checks hashes on system files and sends alerts if there are any changes detected. (also for any files that shouldn't be there)
I can't imagine this would be hard to add to Wordpress or any other system?
Edit: The advantage of this system is that I don't have to know about any threats specifically (ie, no data management on threats) to keep them out, so there is no cat/mouse games.
(maybe this is how this scanner works also? I can't tell from the github docs.)
You could also use a generic File integrity monitor for something like this (e.g. tripwire https://github.com/Tripwire/tripwire-open-source )