Website reported as blocked

hello,
I report here the request of an user on the French forum who has a problem with the site of which he is administrator, he informed avast by the link “false positive” (end of January), but still has no answer .
If an evangelist could bring up the problem (or avast to take note here), I would follow the user who obviously masters English even less than me.
https://forum.avast.com/index.php?topic=215184.0
traduc

Hello, I am a customer at avast and the administrator of the site hxxp://chymeres.org/ My site has been blocked by avast for several weeks but does not seem to be blocked by other antiviruses. In addition, my host OVH did not mention any infection and looking through an FTP client, I found nothing suspicious. I tried twice to report the problem with this link https://www.avast.com/en-us/false-positive-file-form.php without having an answer. I would like to know if my site is still a risk and if avast can tell me the precise cause for me to fix the problem.
Thanks for him.

Blacklisted
https://www.virustotal.com/#/url/cb36b1ec0487e6e743cfa19d220c3449b3df98bf7c138585372ccd5171fcd278/detection

Domain owner should ask for an exclusion to what is most probably a general IP block:
https://ransomwaretracker.abuse.ch/ip/213.186.33.87/

CMS configuration seems OK, paased all OK: Google Safe Browse: OK; Spamhaus Check: OK; Compromised Hosts: OK ; Dshield Blocklist: OK; Shadowserver C&C:

F-Grade status and recommendations for security improvement: https://observatory.mozilla.org/analyze.html?host=chymeres.org

See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=chymeres.org%2F&ref_sel=GSP2&ua_sel=ff&fs=1

No vulnerable libraries: http://retire.insecurity.today/#!/scan/d05a2e8d3f1bb56561e4d249767f8d6a1c00913aee9c7f9e30bf1f4910f086ad

Wait for an avast team member to give a final verdict, as we here are just volunteers with relevant knowledge,
but only avast team members can come and unblock.

polonus (volunteer website security analyst and website error-hunter)

https://zulu.zscaler.com/submission/f6591f8e-6b63-46f2-b887-921feea71b3c

Word Press CMS is outdated and should indeed be updated (manually),
Directory Listing is enabled, that is a wrong config setting,

See: https://hackertarget.com/wordpress-security-scan/
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C. OK

Additional advice: No 3rd party trackers on this site.

Since there are no third party dependencies preventing it, why don‘t you ask chymeres.org to adopt SSL by default?

polonus

Hi guys, Honza answered in the French thread: https://forum.avast.com/index.php?msg=1447547