Liveupx Security

外掛說明

Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever.

Core Features

Login Security
* Brute force protection with progressive lockouts (1st/2nd/3rd+ strikes escalate automatically)
* Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile
* Honeypot bot detection (wp-login.php + WooCommerce)
* Passwordless magic link login
* Two-factor authentication: TOTP (Google Authenticator) + Email OTP
* Trusted device (30-day bypass cookie)
* Geolocation login alerts — notify when login comes from a new country
* Subnet auto-blocking (repeated attacks from /24 range)
* Custom login URL (hide wp-login.php)

Firewall / WAF
* PHP-based Web Application Firewall running at priority 1
* Remote WAF rule feed (auto-updated from liveupx.com)
* Admin-defined custom firewall rules
* Per-endpoint rate limiting (REST API, checkout, search, etc.)
* REST API security controls (block guests, hide /users endpoint)
* Country/geo blocking with API fallback chain
* Bad bot blocking with verified bot allowlist (Google, Bing, etc.)
* Referrer blocking with spam referrer presets
* Bad query/XSS/SQL injection blocking
* .htaccess security rules

Malware Scanner
* Chunked AJAX scanner — scans plugins, themes, uploads, mu-plugins
* 30+ malware patterns including backdoors, crypto miners, shell injections
* Heuristic risk scoring (0–100) per suspicious file
* Auto-quarantine critical findings during scan
* Scan diff — shows new threats vs last scan
* Database malware scanner (posts, options, comments, users)
* File quarantine and permanent delete

Vulnerability Scanner
* Powered by WPScan API (free tier)
* Scans all active plugins and active theme for known CVEs
* CVSS severity scoring (Critical/High/Medium/Low)
* Dashboard widget showing unresolved critical/high count
* Dedicated Vulnerabilities admin page

File Integrity
* WordPress core file integrity check (vs WordPress.org checksums API)
* Plugin & theme checksum verification (vs WordPress.org checksums)
* wp-config.php and .htaccess tampering detection
* Unknown PHP file detection in core directories

Core File Repair
* Downloads clean copies from WordPress.org SVN
* MD5 verification before writing
* Single file or bulk repair

Security Headers
* X-Frame-Options, X-Content-Type-Options, X-XSS-Protection
* Referrer-Policy, Permissions-Policy (per-feature builder)
* HSTS with preload support
* Content-Security-Policy with visual builder
* CSP violation reporting endpoint (REST API)
* A–F letter grade for your header configuration

User Security
* User enumeration protection (?author= + REST API)
* Strong password enforcement
* Block dangerous usernames (admin, root, etc.)
* Inactive user auto-lock (configurable threshold)
* Admin action audit trail
* Active session manager (view & revoke)
* GDPR IP anonymization

Post-Hack Recovery
* Lock PHP execution in uploads and wp-includes
* Log out all users instantly
* Force password reset for all users
* Reinstall free plugins from WordPress.org
* Delete version-revealing files (readme.html, etc.)
* Weekly security summary email report

Monitoring & Notifications
* Activity log (filterable, paginated, CSV export, configurable retention)
* HTML branded email alerts
* Slack/webhook notifications (compatible with Make.com, Zapier, Discord)
* Real-time dashboard stats (auto-refresh every 30s)
* 7-day login attempt chart

Developer Tools
* WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip|2fa-reset|export-settings|import-settings)
* Settings import/export (JSON)
* Security score with category breakdown

Developed by Liveupx.com
Cloud hosting partner: xHost — by Liveupx.com
Featured on JustHunt.co