See: https://urlscan.io/result/81f3bd83-1b8b-4878-9e35-1b58d3ab1cdf/
7 issues: WordPress Version
4.7.20
Version does not appear to be latest
PHP/5.6.40
WARNING: PHP 5.6.40 is end of life
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
Plugin Update Status About
autoptimize 2.4.4 Warning latest release (2.8.3)
https://autoptimize.com/
js_composer Unknown
wp-super-cache 1.6.4 Warning latest release (1.7.3)
https://wordpress.org/plugins/wp-super-cache/
woocommerce 2.6.8 Warning latest release (5.2.2)
https://woocommerce.com/
contact-form-7 4.9.2 Warning latest release (5.4.1)
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated
User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.
Username Name
ID: 1 admin admin
ID: 2 not found
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Only the first two user ID’s are tested during this analysis, try the advanced membership options for detailed enumeration of users, themes and plugins.
polonus