Well the WordPress CMS might be up to date, bu major config settings are wrongly set, which means quite some risk through means of excessive info proliferation:
User Enumeration The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 Randy Fougere admin
2 None None
Cmseek detection gives username = admin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Linting denotes next recommendation to make website a tad more secure:
https://webhint.io/scanner/ffe201ff-d075-4ebb-9566-e672449459b2 rather
https://webhint.io/scanner/ffe201ff-d075-4ebb-9566-e672449459b2#category-securityAs Michael(alan1998) says, wait for a final verdict by an avast team member, as we are just volunteers with relative knowledge in the field of website security analysis and error-hunting, but only avast team members can come and unblock.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
P.S. By many designers Word Press CMS is still being considered a can of worms, because the underlying intrinsic insecurity of PHP,
especially in the hands of amateurs and designers that favor a "licked" website over a secure one.
Damian