Linux 软件免费装
Banner图

Lumiverse Security Watchdog Lite

开发者 bestseogr
更新时间 2026年7月2日 15:21
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security login security firewall malware scanner woocommerce security

下载

3.5.6 3.6.7 3.0.0 3.0.3 3.0.4 1.1.3 3.0.1

详情介绍:

Lumiverse Security Watchdog Lite Lumiverse Security Watchdog Lite is a lightweight yet powerful WordPress security plugin designed to detect early signs of compromise and reduce common attack surfaces. It runs automated background scans and alerts you when something suspicious is detected. What it monitors ✔ Malware signatures (JS & PHP) Scans files for known malware patterns including injectors, obfuscated scripts, and common webshell families. ✔ Changed JavaScript files Detects modified .js files and analyzes them for suspicious behavior. ✔ Live Watch Mode Adds a lightweight metadata watcher for risky files. In Lite it tracks up to 3000 files and monitors uploads, plugins, themes, wp-content root and optional WordPress core paths. ✔ Plugins (new, deleted, suspicious) Security Hardening Features Reduce attack surface with one-click protections: ✔ Block XML-RPC\ ✔ Disable application passwords\ ✔ Disable file editing (wp-admin editor)\ ✔ Disable plugin/theme installation & updates (optional)\ ✔ Disable plugin/theme deletion\ ✔ Hide login error messages\ ✔ Login Guard with safe Lite defaults\ ✔ Block pingbacks\ ✔ Block user enumeration\ ✔ Block comments sitewide\ ✔ Block password reset for administrators\ ✔ Visitor Protection Headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, optional Permissions-Policy and optional HSTS Traffic Shield Features ✔ Smart behavior-based IP traffic protection\ ✔ Internal abuse scoring to identify abusive patterns without relying only on raw request counts\ ✔ WooCommerce-aware cart/wishlist protection for common add-to-cart and add-to-wishlist floods\ ✔ XML-RPC request blocking\ ✔ Dynamic 404 flood protection\ ✔ Suspicious query string blocking\ ✔ Bot & Scanner Blocking Lite for selected scraper-style bots and obvious vulnerability scanner user agents\ ✔ Emergency Mode that activates only when high site-wide traffic pressure is combined with suspicious request pressure\ ✔ Whitelisted IPs for trusted office, developer or administrator addresses\ ✔ Security-only Live Monitor for recent blocks and protection status Alerts & Monitoring ✔ Email notifications when threats are detected\ ✔ Optional Live Watch email alerts\ ✔ Optional auto-fix to disable user registration\ ✔ Admin hygiene warnings (e.g. weak usernames) Performance Focused ✔ Fast Mode: scan only recently modified files\ ✔ Live Watch uses file metadata instead of full content hashing\ ✔ Lightweight: no heavy server load\ ✔ Designed to work alongside plugins like Wordfence Important This plugin does NOT automatically clean malware. It is a detection and monitoring tool that helps you:

安装:

  1. Go to your WordPress Dashboard → Plugins → Add New
  2. Search for: Lumiverse Security Watchdog Lite
  3. Install and Activate
  4. Go to “Security Watchdog” in the admin menu
  5. Enable scanning and configure your settings
Or manually:
  1. Upload the plugin folder to /wp-content/plugins/
  2. Activate the plugin
  3. Go to “Security Watchdog” and configure

屏幕截图:

  • Scanner settings
  • Hardening options with Visitor Protection Headers
  • Traffic Shield with WooCommerce protection
  • Real-Time Security Activity feed with compact details

常见问题:

Does this plugin remove malware?

No. Lumiverse Security Watchdog Lite is a monitoring, detection, hardening and traffic protection plugin. It helps detect suspicious files, suspicious changes, malware indicators, login attacks and abusive traffic so you can respond quickly. It does not automatically delete or clean infected files.

What are the Lite limits?

Lite uses safe fixed defaults designed for normal WordPress and WooCommerce websites. Live Watch tracks up to 3000 files and runs every 30 minutes. Traffic Shield and Login Guard limits are intentionally locked to reduce false positives. Advanced cleanup, quarantine, rollback, Early WAF, IP Control Center and deeper PRO workflows are planned for the PRO version.

What is the difference between the Scanner and Live Watch?

The Scanner performs deeper checks for suspicious files, malware indicators, new plugins, new admin users and other security signals. Live Watch is a lightweight file-change monitor that checks file metadata such as path, modified time and size, so it can detect new, modified or deleted files without running a full scan every few minutes.

How often does the scanner run?

The normal scanner can run every 6, 12, or 24 hours depending on your settings. Live Watch, when enabled, runs a lightweight metadata check every 30 minutes.

Will Live Watch slow down my website?

Live Watch is designed to be lightweight. It uses metadata-based checks instead of repeatedly reading every file. In the Lite version, Live Watch tracks up to 3000 files.

What is Traffic Shield?

Traffic Shield is a smart behavior-based protection layer for WordPress traffic. It watches dynamic request pressure, WooCommerce cart/wishlist actions, XML-RPC requests, dynamic 404s, suspicious query strings and internal abuse scores. It is designed to react to abusive patterns instead of treating every page load, image, CSS or JavaScript file as an attack. It does not use a geolocation or country-blocking database.

Is Traffic Shield a full DDoS protection system?

No. Traffic Shield helps with abusive WordPress-level traffic and request patterns. Large network-level attacks should still be handled by your hosting provider, server firewall or CDN-level protection.

Will Traffic Shield block normal visitors?

Traffic Shield Lite uses safe locked defaults and internal abuse scoring to reduce false positives on normal WordPress and WooCommerce websites. Static assets such as CSS, JavaScript, images, fonts, maps and media files are ignored by dynamic traffic counters, and Emergency Mode requires suspicious request pressure instead of raw traffic alone.

Does Traffic Shield protect WooCommerce websites?

Yes. Traffic Shield includes WooCommerce-aware protection for common cart and wishlist abuse patterns, including add-to-cart and add-to-wishlist request floods. It also gives more weight to repeated cart/wishlist actions and suspicious cart/wishlist behavior, while avoiding automatic blocking of normal category-page Add to Cart usage.

What is Emergency Mode?

Emergency Mode temporarily tightens Traffic Shield limits only when site-wide dynamic traffic pressure is high and suspicious request pressure is also detected. This helps protect busy stores without cutting normal traffic just because many real shoppers are online. In the Lite version, Emergency Mode runs for 30 minutes and uses 60% of the locked per-IP limits. Temporary Traffic Shield blocks expire after 90 minutes.

Is the Emergency threshold per IP or site-wide?

The Emergency threshold is site-wide, not per IP. In Lite, Emergency Mode can activate when total non-static dynamic requests across the site reach 400 requests in one minute and suspicious request pressure is also detected. Individual IP blocking uses separate per-IP limits.

What are the Lite Traffic Shield limits?

Lite uses locked safe defaults: 120 dynamic requests per IP per minute, 30 real cart/wishlist actions per IP per minute, 20 404 requests per IP per minute, 90-minute temporary blocks, and a site-wide Emergency threshold of 400 dynamic requests per minute combined with suspicious request pressure. During Emergency Mode, dynamic request limits tighten while cart/wishlist protection stays conservative to avoid blocking real shoppers.

Can I whitelist trusted IP addresses?

Yes. Traffic Shield Lite includes a Whitelisted IPs field. Add one trusted IP per line for office, developer, monitoring or administrator addresses that should not be temporarily blocked by Traffic Shield.

Does Traffic Shield use only raw request counting?

No. Traffic Shield Lite also uses internal abuse scoring to better separate normal shoppers from abusive request patterns. Normal dynamic page views receive a very low score, while repeated cart/wishlist actions, dynamic 404s, suspicious query strings, missing referrers on cart/wishlist actions and repeated URL hits add more pressure. This means a real customer browsing products is treated differently from a bot repeatedly hitting cart, wishlist, 404 or suspicious URLs.

What is Login Guard?

Login Guard helps protect the WordPress login form from repeated failed login attempts. It can also help protect XML-RPC login attempts and block login attempts using the username "admin".

Can I change Login Guard limits in Lite?

No. Lite uses fixed safe defaults: 3 failed attempts, a 30-minute failure window and a 90-minute lockout duration.

What does “Block username admin” do?

It blocks login attempts using the username "admin". This helps reduce common brute-force attacks against WordPress sites that still receive automated login attempts for the default admin username.

What does “Protect XML-RPC login attempts” do?

It helps detect and limit failed login attempts made through XML-RPC, which is commonly targeted by automated attacks.

What does “Block admin password reset” do?

It prevents administrator password reset requests through the default WordPress password reset flow. This can help reduce password reset abuse against administrator accounts.

Will it send emails on every scan?

No. Email alerts are sent only when suspicious findings or important security events are detected, depending on your settings.

Why did I not receive an email alert?

Email delivery depends on your WordPress mail configuration and hosting environment. The plugin records wp_mail success or failure in logs to help you confirm whether WordPress attempted to send the message.

Can I use this with Wordfence or other security plugins?

Yes. Lumiverse Security Watchdog Lite is designed to complement other security tools. However, if another plugin also blocks XML-RPC, login attempts or abusive traffic, review your settings to avoid overlapping behavior.

Will it slow down my site?

The plugin is designed to be lightweight. Scans run in the background, Live Watch uses metadata-based checks, and Traffic Shield ignores static assets such as images, CSS, JavaScript and fonts.

Does this plugin use country blocking or geolocation?

No. Traffic Shield is behavior-based and does not rely on country blocking or geolocation databases.

Does the plugin change WordPress core files?

No. The plugin monitors and reports suspicious changes. It does not modify WordPress core files as part of normal operation.

Should I delete every file reported by the scanner?

No. Scanner findings should be reviewed carefully before deleting anything. Some findings may require manual investigation, especially on websites with custom code or complex plugins.

What should I do if malware indicators are detected?

Review the reported files, compare them with clean backups or original plugin/theme files, remove confirmed malware carefully, update all plugins/themes/core, change administrator passwords, review admin users, and consider a professional cleanup if you are unsure.

Is this plugin enough to fully secure my website?

No single plugin can guarantee full security. Lumiverse Security Watchdog Lite adds monitoring, hardening, login protection and traffic protection, but you should also keep WordPress updated, use strong passwords, maintain clean backups, secure your hosting account and use server/CDN-level protection when needed.

What are Visitor Protection Headers?

Visitor Protection Headers add safe browser-level security headers from the Hardening tab. Lite can send X-Content-Type-Options, X-Frame-Options and Referrer-Policy. Permissions-Policy and HSTS are optional and should be tested before enabling. HSTS should only be enabled when the entire site and all subresources work correctly over HTTPS.

What does Bot & Scanner Blocking Lite do?

It can block selected, obvious automated user agents from Traffic Shield. One switch targets known scraper-style crawler user agents, and the other targets obvious vulnerability scanner/probing tools such as WPScan, sqlmap, Nikto, Nmap, masscan and nuclei. It does not use broad “bot” matching and does not block major search engines.

Is a PRO version available?

A PRO version is in development. The Lite plugin includes a contact link where you can ask to be notified when it becomes available.

更新日志:

3.6.7 3.6.6 3.6.5 3.6.4 3.6.3 3.6.2 3.6.1 3.6.0 3.5.6 3.5.5 3.5.4 3.5.3 3.5.2 3.5.1 3.5.0 3.0.4 3.0.3 3.0.1 3.0.0 Major update: 1.1.4 New patterns\ Improved engine 1.1.2 Initial WordPress.org release