Re: 1 vulnerable jQiery library detected: https://retire.insecurity.today/#!/scan/496ae1bb5d8ce36e1e1a483d568b6ee2adb4fbbe595a62a2c886d87be2a3b0e5

Warning User Enumeration is possible The first two user ID's were tested to determine if user enumeration is possible.

ID User Login
1 youjizz3.info youjizz3-info
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Only the first two user ID’s were tested with this scan, use the Nmap NSE enumeration scripts (use your own Nmap installation or try the adanced membership option ) to discover additional user ID’s.

DNS → -http://youjizz3.info/
GoogleSafe:
OK Load:
1157ms Server: 104.31.79.237
cloudflare ASN: 13335 United-States
Cloudflare Inc Reverse DNS: -https://observatory.mozilla.org/analyze/http://youjizz3.info
Re: Scan Failed: The Mozilla SSH Observatory scans from sshscan.rubidus.com at 45.55.176.164.https://observatory.mozilla.org/analyze/http://youjizz3.info#tls
F-grade security → https://securityheaders.com/?followRedirects=on&hide=on&q=youjizz3.info
No HSTS-header - No redirect from HTTP.

12 Security Check Issues: https://webscan.upguard.com/#/http://youjizz3.info
The server sent a Powered- By header, this may leak server technology and version information.
Re: PHP/5.3.3 &

F-status: he web server supports some insecure HTTP methods.
Misconfiguration or weakness
Some HTTP headers related to security and privacy are missing or misconfigured.
Misconfiguration or weakness
Some cookies have missing secure flags or attributes.
Misconfiguration or weakness

191 security related recommendations: https://webhint.io/scanner/d67abb87-80b7-421b-a5b1-4ab74a2ac578#Security
Site outdated and security risks: https://sitecheck.sucuri.net/results/youjizz3.info

Fortinet’s Web Filter flags malware: https://urlquery.net/report/9bd73a8f-2e2b-4ae8-a1ee-07c8ffd41037

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

When we look at the code we also stumble upon Wordpress emoji code, see line 14 etc.
at https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=eV11alt6ejMuW25mXWA%3D~enc

For another example: https://forum.avast.com/index.php?topic=175087.0
This is why one should remove this in the header:
https://www.denisbouquet.com/remove-wordpress-emoji-code/

polonus

This one turned up HTTP/1.1 503 Service Unavailable → https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=al1nfXVwLn1dYGpzYHB9XXRddHlwe2BwfV10XXR5cHsuanM%3D~enc

Well, it is a site under construction and yet insecure! → https://urlscan.io/result/fe301a72-e08a-43fc-8a43-bf4693b7be8f

Fortinet’s flags: https://urlquery.net/report/3ebcdf46-acfc-4e26-8c3e-ea6d6e039c03
Word Press Version does not appear to be latest 4.9.8 - update now.
Reputation Check
WARNING
Google Safe Browse: FOUND
Spamhaus Check: Compromised.
Malware alerted: https://www.virustotal.com/#/url/3d368b996145deb999606ccdd4c1ebe4497fc48bd81a8d09db49ac3244979b36/detection
Spam IP reported: https://cleantalk.org/blacklists/93.113.240.203

10 security hints given: https://webhint.io/scanner/e450831e-e4ea-4b0d-acaa-715cbb1a7fbb#Security
and retirable jQuery library: https://retire.insecurity.today/#!/scan/4f0ccae814ededdd2183ed713da977ac723646abfa465e60530768791d205739

polonus

3 flag site as not safe: https://www.urlvoid.com/scan/welch4inc.com/

And then we have this PHISHING website: https://urlquery.net/report/8878c4db-4745-4ef8-b4f1-d2a1b18a87f1
WordPress Version
4.7.11
Version does not appear to be latest.

Misconfiguration

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Blacklisted: https://sitecheck.sucuri.net/results/welch4inc.com

9 security related recommendations: https://webhint.io/scanner/631985d6-bcd2-4158-9e74-6bec07e33525#Security
See also: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lnd7bF5oNFtuXi5eXW0%3D~enc

Also see these relations: 0n -http://www.zakka.com/index/jump/?url=-http://www.sistemasparaweb.com.br/
Number of sources found: 2
Number of sinks found: 65
&
On -http://www.welch4inc.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
Number of sources found: 18
Number of sinks found: 9

polonus