Hello and welcome to WOT.
First, your site appears to be free of exploits and malware. I note, however, that you are using an older version of php which is no longer supported with security repairs (see: www.php.net/supported-versions.php and especially see: www.wordpress.org/support/update-php/)
. I recommend contacting your hosting service and inquiring about this issue.
There are other security issues you should consider:
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
Missing security header to prevent Content Type sniffing. (https://docs.sucuri.net/warnings/hardening/security-headers-x-content-type-nosniff/)
Missing Strict-Transport-Security security header. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src (https://blog.sucuri.net/2018/04/content-security-policy.html)
Leaked PHP version. Your site is displaying your PHP version in the HTTP headers. Please set expose_php = Off.
If you will address your currently obsolete version of php, I would be willing to rate your site higher for security.
As it is now, I would give the site a three-star to four-star rating. Please PM me when you have updated your php and I will rate the site higher.