See: https://www.virustotal.com/nl/url/3f6a8da10a5c598e10de44e2a154e48eaf886f128945307980809359057faab8/analysis/1415536120/
Bitdefender flags.
Quttera gives blacklisted external links and domains: http://quttera.com/detailed_report/bobwolfgramagency.com
Outdated Webserver Software found: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips DAV/2 mod_bwlimited/1.4
Two IDS alerts recently ->
2014-11-07 13:38:44 3 urlQuery Client 69.171.237.20 SURICATA TLS invalid handshake message
2014-11-07 13:38:44 3 69.171.237.20 urlQuery Client SURICATA TLS invalid handshake message
See: https://www.virustotal.com/nl/ip-address/69.171.237.20/information/
Security Headers for htxp://bobwolfgramagency.com
Using user-agent for Chrome 31.0-MacOSX
Result | Category | Name | Actual Value | Our Recommendation
Missing | Framing | X-Frame-Options | | Use ‘sameorigin’
Missing | Transport | Strict-Transport-Security | | Use ‘max-age=31536000; includeSubDomains’
Missing | Content | X-Content-Type-Options | | Use ‘nosniff’
Correct | Content | Content-Type | text/html; charset=UTF-8 | Use ‘text/html;charset=utf-8’
Missing | XSS | X-XSS-Protection | | Use ‘1; mode=block’
Missing | Caching | Cache-Control | | Use ‘no-cache, no-store, must-revalidate’
Missing | Caching | Pragma | | Use ‘no-cache’
Missing | Caching | Expires | | Use ‘-1’
Missing | Access Control | X-Permitted-Cross-Domain-Policies | | Use ‘master-only’
Missing | Content Security Policy | Content-Security-Policy | | Try Content-Security-Policy-Report-Only to start. Include default-src ‘self’, avoid ‘unsafe-inline’ and ‘unsafe-eval’
Warning | Server Information | Server | Apache/2.2.25 (Unix)…/2 mod_bwlimited/1.4 | Avoid version numbers
Warning | Server Information | X-Powered-By | PHP/5.3.26 | Avoid header
Warning | Server Information | X-Pingback | htxp://bobwolfgramagency.com/xmlrpc.php | Avoid header and disable XML-RPC.
See: http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=htxp://bobwolfgramagency.com&MODIFIED=0
XSS vuln.
Results from scanning URL: htxp://bobwolfgramagency.com/wp-content/plugins/mailchimp/js/scrollTo.js?ver=1.4.2
Number of sources found: 43
Number of sinks found: 19
Results from scanning URL: htxp://bobwolfgramagency.com/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js?ver=2.1.2
Number of sources found: 14
Number of sinks found: 17
Theme script should be checked for iFrame vulnerability.
polonus