Just my 2 cents.
Add at least a minimum of security. https://mechgroupbuys.com/wp-login.php => no rewrite of login URL, no limit for login retries. This is easily bruteforceable.
add this: WP Cerber Security, Anti-spam & Malware Scan – WordPress plugin | WordPress.org