Check: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-pagenavi latest release (2.91)
http://lesterchan.net/portfolio/programming/php/
contact-form-7 latest release (4.4.2)
http://contactform7.com/
revslider

Misconfiguration: Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None
2 Admin admin2
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

SRI Hash report = B-Status: https://sritest.io/#report/c68b1610-db94-4a51-831b-edd7f4c16b28

For the code with missing hash: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.google.com%2Frecaptcha%2Fapi.js
→ //jsunpack.called CreateElement script //jsunpack.url element = https://wXw.gstatic.com/recaptcha/api2/r20160615154650/recaptcha__en.js

found JavaScript
     error: undefined variable s
     info: [element] URL=wXw.gstatic.com/recaptcha/api2/r20160615154650/_en.js

error because resourcing is really needed here.

landing: http://www.domxssscanner.com/scan?url=https%3A%2F%2FwXw.gstatic.com%2Frecaptcha%2Fapi2%2Fr20160615154650%2Frecaptcha__en.js
→ ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP iFrame code.

polonus (volunteer website security analyst and website errror-hunter)