If you're comfortable at the CLI, WPScan is super easy to get going. The project is open source on Github and uses the WPScan Vulnerability Database, an open dataset of known WordPress vulnerabilities. Installation on a Mac is a piece of cake. Other methods and operating systems are documented on Github.

https://ma.ttias.be/scan-your-wordpress-for-security-vulnerabilities-with-wpscan/