WordPress – Security test for custom plugin

Solution:

There are vulnerability testing tools such as Vega that you might find useful. OWASP make ZAP, which I quite like. Someone else mentioned Arachni. Either way, vulnerability testing cannot find everything, so you should be aware of security measures during development.

Really, you should familiarise yourself with the common vulnerabilities (SQL injection, XSS, CSRF), including those in the OWASP Top 10 Vulnerabilities, before developing.

The other thing to note is that WPScan is a penetration testing tool for WordPress; however, it focuses more on configuration vulnerabilities and thus will not help you. WPScan also run WPVulnDB, which lists known vulnerabilities in WordPress core files, themes and plugins.