Liveupx Security
| 开发者 | liveupx |
|---|---|
| 更新时间 | 2026年3月22日 03:01 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever.
Core Features
Login Security
- Brute force protection with progressive lockouts (1st/2nd/3rd+ strikes escalate automatically)
- Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile
- Honeypot bot detection (wp-login.php + WooCommerce)
- Passwordless magic link login
- Two-factor authentication: TOTP (Google Authenticator) + Email OTP
- Trusted device (30-day bypass cookie)
- Geolocation login alerts — notify when login comes from a new country
- Subnet auto-blocking (repeated attacks from /24 range)
- Custom login URL (hide wp-login.php) Firewall / WAF
- PHP-based Web Application Firewall running at priority 1
- Remote WAF rule feed (auto-updated from liveupx.com)
- Admin-defined custom firewall rules
- Per-endpoint rate limiting (REST API, checkout, search, etc.)
- REST API security controls (block guests, hide /users endpoint)
- Country/geo blocking with API fallback chain
- Bad bot blocking with verified bot allowlist (Google, Bing, etc.)
- Referrer blocking with spam referrer presets
- Bad query/XSS/SQL injection blocking
- .htaccess security rules Malware Scanner
- Chunked AJAX scanner — scans plugins, themes, uploads, mu-plugins
- 30+ malware patterns including backdoors, crypto miners, shell injections
- Heuristic risk scoring (0–100) per suspicious file
- Auto-quarantine critical findings during scan
- Scan diff — shows new threats vs last scan
- Database malware scanner (posts, options, comments, users)
- File quarantine and permanent delete Vulnerability Scanner
- Powered by WPScan API (free tier)
- Scans all active plugins and active theme for known CVEs
- CVSS severity scoring (Critical/High/Medium/Low)
- Dashboard widget showing unresolved critical/high count
- Dedicated Vulnerabilities admin page File Integrity
- WordPress core file integrity check (vs WordPress.org checksums API)
- Plugin & theme checksum verification (vs WordPress.org checksums)
- wp-config.php and .htaccess tampering detection
- Unknown PHP file detection in core directories Core File Repair
- Downloads clean copies from WordPress.org SVN
- MD5 verification before writing
- Single file or bulk repair Security Headers
- X-Frame-Options, X-Content-Type-Options, X-XSS-Protection
- Referrer-Policy, Permissions-Policy (per-feature builder)
- HSTS with preload support
- Content-Security-Policy with visual builder
- CSP violation reporting endpoint (REST API)
- A–F letter grade for your header configuration User Security
- User enumeration protection (?author= + REST API)
- Strong password enforcement
- Block dangerous usernames (admin, root, etc.)
- Inactive user auto-lock (configurable threshold)
- Admin action audit trail
- Active session manager (view & revoke)
- GDPR IP anonymization Post-Hack Recovery
- Lock PHP execution in uploads and wp-includes
- Log out all users instantly
- Force password reset for all users
- Reinstall free plugins from WordPress.org
- Delete version-revealing files (readme.html, etc.)
- Weekly security summary email report Monitoring & Notifications
- Activity log (filterable, paginated, CSV export, configurable retention)
- HTML branded email alerts
- Slack/webhook notifications (compatible with Make.com, Zapier, Discord)
- Real-time dashboard stats (auto-refresh every 30s)
- 7-day login attempt chart Developer Tools
- WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip|2fa-reset|export-settings|import-settings)
- Settings import/export (JSON)
- Security score with category breakdown Developed by Liveupx.com Cloud hosting partner: xHost — by Liveupx.com Featured on JustHunt.co
安装:
- Upload the plugin files to
/wp-content/plugins/liveupx-security - Activate the plugin through the 'Plugins' screen
- Navigate to Liveupx Security in the admin menu
- Review your security score and enable recommended features
常见问题:
Is this plugin really 100% free?
Yes. All features are free forever. No premium tier, no feature paywalls, no upsells.
Will it conflict with other security plugins?
It's designed to work standalone. Deactivate conflicting security plugins (Wordfence, iThemes) before using.
Does it support WooCommerce?
Yes — honeypot and CAPTCHA protection apply to WooCommerce login forms.
Does it support multisite?
Basic multisite support in v4.0.0. Network-wide management is planned for v5.
更新日志:
4.0.0
- NEW: Multi-provider CAPTCHA (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile)
- NEW: Magic link / passwordless login
- NEW: Progressive lockouts (escalating duration per IP)
- NEW: Trusted device (30-day 2FA bypass cookie)
- NEW: Geolocation login alerts with one-click account lock
- NEW: Subnet auto-blocking
- NEW: Remote WAF rule feed
- NEW: Admin-defined custom firewall rules
- NEW: Per-endpoint rate limiting
- NEW: REST API security controls
- NEW: Verified bot allowlist (Google, Bing, etc.)
- NEW: Referrer blocking with spam presets
- NEW: Vulnerability Scanner (WPScan API)
- NEW: Database malware scanner
- NEW: Plugin/theme checksum verification
- NEW: wp-config.php and .htaccess integrity check
- NEW: Heuristic risk scoring (0–100) for malware
- NEW: Auto-quarantine on scan
- NEW: Scan diff (new vs cleared threats)
- NEW: HTML email templates for all alerts
- NEW: Webhook/Slack notifications
- NEW: Real-time dashboard stats
- NEW: 7-day login attempt chart
- NEW: Security score breakdown by category
- NEW: Inactive user auto-lock
- NEW: Admin action audit trail
- NEW: Active session manager
- NEW: GDPR IP anonymization
- NEW: WP-CLI commands
- NEW: Settings import/export (JSON)
- NEW: Configurable log retention
- NEW: CSP visual builder
- NEW: CSP violation reporting endpoint
- NEW: Permissions-Policy per-feature builder
- NEW: Security header A–F grade
- NEW: Vulnerabilities admin page
- FIX: TOTP user_id detection on Edit User page
- FIX: DISALLOW_FILE_MODS now properly wired
- FIX: RSS toggle uses AJAX save (not fragile hidden form)
- FIX: WooCommerce login honeypot and CAPTCHA support
- FIX: Geo API fallback chain (ip-api.com → ipapi.co → skip)
- TOTP 2FA (Google Authenticator), email OTP fallback, backup codes
- Core file repair (download from WordPress.org SVN with checksum verification)
- Post-Hack recovery tools
- Malware quarantine and permanent delete