Word Press CMS seems correctly installed.
Over average security but recommendations for x-frame options header: https://observatory.mozilla.org/analyze.html?host=scoreherohackweb.wordpress.com General D-grade score status.
SRI hashes not being generated, but all scripts loaded over https
Retirable jQuery library detected: http://retire.insecurity.today/#!/scan/902d56cb8a4777b032c88f671a82e2307287be14bd30f879e872f9af37fe4ce4
Privavcy issues: https://privacyscore.org/site/34026/ (vuln. to Sweet32 and Lucky13 attacks).
Sources and sinks found: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fscoreherohackweb.wordpress.com
polonus (volunteer website security analyst and website error-hunter)