Here is the way I usually follow to test a Wordpress install.
Get basic informations with WPScan:
wpscan -r --enumerate u --url http://www.example.com
If it can’t retrieve the user list, try to use provided script
For each user found, try to brute with basic passwords:
wpscan -r --url http://www.example.com --wordlist /Wordlists/Passwords/best1050.txt --username <username>
If the version of Wordpress has been found, download it from the official archive directory: https://wordpress.org/download/release-archive/
Open the tested website and take a look at the source to find those strings:
This could reveal more themes/plugins.