WordPress misconfiguration and fortinet's PHISHING alerts on website...

Viruses and worms
1

Virus Total suspicious URLs analyser Failed Status: dangerous
Kaspersky - phishing site
Sophos - malicious site
Fortinet - phishing site → https://urlquery.net/report/27b1d2bb-5ea9-49f7-bdad-8d56620d5034

See: Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Config. leak: MySQL (3306) 3306 Port open. Server response: J 5.6.35ސÜUY=efN4Xÿ÷€@vS|9D*DVdu>mysql_native_password

“Same origin” issues C-grade status: https://sritest.io/#report/29406960-469c-424d-9551-8a961a55661c
also for the following script library that is retirable: http://retire.insecurity.today/#!/scan/82a96bc4cc30befc9eb27e8164f1499dd7dd1290517cc87a07d96939a8622cef
jQuery ? Found ‘src’ attribute in script tag
Found related JS code

Warning: DMARC check Warning Domain-based Message Authentication, Reporting and Conformance (DMARC) record not found for the domain. DMARC is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations.

Warning Mail Server greetings contain host names from the corresponding MX records

Flagged:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmaxcdn.bootstrapcdn.com%2Fbootstrap%2F3.3.7%2Fjs%2Fbootstrap.min.js%3Fver%3D4.8.

error: line:8: Bootstrap's JavaScript requires jQuery
Where every text/javascript response gets executed. Even if we made a request to another service, like for instance -https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js &/or -http://hotmailsigninfast.weebly.com/files/theme/mobile.js (consider the seven red out of ten on: http://toolbar.netcraft.com/site_report?url=http://hotmailsigninfast.weebly.com ).

and http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmyopt.fi%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4

error: undefined variable n

polonus (volunteer website security analyst and website error-hunter)