How can I measure my site's security level now ?

We cannot really « measure » the security of a site like we can test a site's speed, for example.

Your site's security level depends on a number of factors coming not only from WordPress and its settings, but also from your hosting provider, your admin passwords, your installed themes and plugins, and more.

Moreover your site's security level can move over time, and your site can become less secure. Security is not a "set it and forget it" thing, but you have to be continually watching and adjusting. That's why SecuPress allows you to plan scans and sends you alerts.

At best, we can say a site is secure if it is protected against the most common forms of attack, and that is very subjective. That's what Secupress is trying to do with its grade system.

If you have the ressources, you can once in a while ask for the help of a « pentester ». The pentester will try to hack your site, and provide you with a security audit.