We don't have any recommendations but others might.
It's always good to do penetration testing but one must take a lot of care when reviewing and interpreting the results of the testing. Automated tools do not understand the purpose of the website they are scanning. A tool might claim there is a vulnerability because someone can post something it deems as "bad" to a page but you want people to be able to post that particular thing the tool thinks is "bad".
If you find a vulnerability that you are unsure about or you know is an issue, please use our contact form to let us know. This will give us time to issue a patch before the issue is made public and the real "bad guys" try to exploit it.