WordPress Plugins

WordPress plugins are the source of many security vulnerabilities. Always keep plugins updated to the latest available version, and check the developer's plugin page for information on updates and fixes. A WordPress website scan can give you an indication of plugin update status. However, a dedicated tool can give a comprehensive assessment by brute forcing the plugin paths.
WordPress Themes

WordPress themes are also a source of security vulnerabilities. Always keep themes updated to the latest available version, and check the developer's theme page for information on updates and fixes. A good WordPress website scanner also checks for themes that are installed but not active; such themes might contain vulnerabilities. A good scanner can brute force the theme paths, which allows detection of all themes in a "black box" assessment or penetration test. It's best to remove all unused themes; this helps minimize the attack surface of the WordPress installation.
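
A local inventory check for the unused-theme advice above, added here as an example and not part of the original page: it reads each theme's style.css header, keeps the active theme and the parent named in its Template: field, and lists the rest as removal candidates. The active theme slug is passed in as an assumption (WordPress stores it in the stylesheet option), and the sample theme names and versions are constructed.

```python
import re
import tempfile
from pathlib import Path

# Header fields WordPress reads from the comment block at the top of style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):[ \t]*(.*?)[ \t\r]*$", re.M | re.I)

def read_theme(style_css):
    """Return the header fields of one style.css as a lower-cased dict."""
    text = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def audit_themes(themes_dir, active_slug):
    """Keep the active theme and its Template: parent chain; flag the rest."""
    installed = {p.parent.name: read_theme(p) for p in sorted(Path(themes_dir).glob("*/style.css"))}
    if active_slug not in installed:
        raise ValueError(f"active theme {active_slug!r} is not installed")
    keep, slug = [], active_slug
    while slug in installed and slug not in keep:
        keep.append(slug)
        slug = installed[slug].get("template") or slug
    return {
        "keep": keep,
        "remove": sorted(set(installed) - set(keep)),
        "missing_parent": None if slug in installed else slug,
        "versions": {s: f.get("version", "unknown") for s, f in installed.items()},
    }

def build_sample(root):
    sample = {  # constructed sample tree: theme names and versions are made up
        "shop-child": "/*\nTheme Name: Shop Child\nTemplate: shop-base\nVersion: 1.2.0\n*/",
        "shop-base": "/*\n Theme Name: Shop Base\n Version: 3.4.1\n*/",
        "old-blog": "/*\n * Theme Name: Old Blog\n * Version: 0.9\n */",
        "demo-2019": "/*\nTheme Name: Demo 2019\n*/",
    }
    for slug, css in sample.items():
        (Path(root) / slug).mkdir(parents=True)
        (Path(root) / slug / "style.css").write_text(css, encoding="utf-8")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_themes(root, "shop-child")

if __name__ == "__main__":
    print(demo())
```

A theme with no Version header is reported as "unknown", which is itself worth reviewing before deciding whether to keep it.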
User Enumeration

Testing all the user IDs on a WordPress website helps; the scanner can then recommend renaming the admin user account if brute force attacks are likely. This reduces the chance of automated password attacks gaining access to the site. If author archives are enabled, it is usually possible to enumerate all users within a WordPress installation.
Linked Sites

Links with poor reputation could pose grave threats to users of a WordPress site. Hence, Google Safe Browsing checks need to be done on each of the linked sites. The results of the check also include hosting and location.