With website security we always will find some issue - it never ends!

Once Google Blacklisted now given as all green.
Two warnings still here: https://asafaweb.com/Scan?Url=www.mconab.se
Great - A results here, all same origin: https://sritest.io/#report/d9b3cc90-3495-46ca-986e-54e6c354a471
Some issues on some script: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mconab.se
WordPress scan all clean. jQuery OK: http://retire.insecurity.today/#!/scan/6eb1fde4aae573f8cb2e1c570c4327b78987c21632c0e50d3779992a47d98d87
Three issues: https://mxtoolbox.com/domain/www.mconab.se/
Issues: http://www.dnsinspect.com/mconab.se/1466085932

polonus

So a first evaluation here showed us the weaknesses are not particularly in the website code, CMS etc. but more towards the DNS and hosting side of that domain. Let us have some closer look there.
A scan like this one: https://seomon.com/domain/www.mconab.se/performance/ also deliver additional interesting security info for us.
MX
‘MX’ records not found
Others
‘mx’ records not found
CNAME
TTL Target Same
14400 web3.remote24.se 1
And it is just as I said, DROWn vulnerable target: https://test.drownattack.com/?site=web3.remote24.se

1 suggestion and 4 warnings: https://seomon.com/domain/www.mconab.se/html_validator/
error here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fapi.w.org%2F’+href%3D’http%3A%2F%2Fwww.mconab.se%2Fwp-jsonhttps://codex.wordpress.org/WordPress.org_API
Also compare with: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.mconab.se&ref_sel=GSP2&ua_sel=ff&fs=1
Content not received for: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mconab.se%2Fwp-json%2F
landing on tooltip.js → < sc​ript type=‘text/javascript’ src=hxxp://www.mconab.se/wp-content/themes/Centum/js/tooltip.js?ver=4.5.2’> < / sc​ript >
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mconab.se%2Fwp-content%2Fthemes%2FCentum%2Fjs%2Ftooltip.js%3Fver%3D4.5.2
Javascipt code error detected:

 script
     info: [decodingLevel=0] found JavaScript
     error: line:4: SyntaxError: missing } after function body:
          error: line:4: </div></div>' , trigger: 'hover' , title: '' , delay: 0 } }(window.jQuery); 
          error: line:4: ...............................................................................^

Well, add one more }); at the end to close the function. It is either the } or the semi-colon.
Error may work through as a server bug as well. That is why the folowing proliferation may be a give-away.

7 reds out of 10: http://toolbar.netcraft.com/site_report?url=http://www.mconab.se
Windows Server 2008 has server header info proliferation → Apache/2.4.3 Win32 OpenSSL/1.0.1c PHP/5.6.21

The offensive code that once did lead to a Google Safebrowsing block, now cleansed, see: http://sakrare.ikyon.se/log.php?id=148929
which was -web3.remote24.se abuse

Domain whois: https://whois.domaintools.com/mconab.se

We are delving deep into this website’s aspects, but that is what it takes to be able to better protect others,
anyhow chapeau for those that sre maintaining this website online, I wish many another site had that website security implemented.
Certainly a site for the Hall of Fame, a bit of a pity the hoster isn’t that security aware, but average.

Third party tested by,

polonus (volunteer website security analyst and website error-hunter)