Title: Liveupx Security Author: Liveupx Published: 2026 年 1 月 9 日 Last modified: 2026 年 4 月 9 日 --- 搜尋外掛 ![](https://ps.w.org/liveupx-security/assets/banner-772x250.png?rev=3447278) ![](https://ps.w.org/liveupx-security/assets/icon.svg?rev=3447278) # Liveupx Security 由 [Liveupx](https://profiles.wordpress.org/liveupx/) 開發 [下載](https://downloads.wordpress.org/plugin/liveupx-security.4.0.1.zip) * [詳細資料](https://tw.wordpress.org/plugins/liveupx-security/#description) * [使用者評論](https://tw.wordpress.org/plugins/liveupx-security/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/liveupx-security/#installation) * [開發資訊](https://tw.wordpress.org/plugins/liveupx-security/#developers) [技術支援](https://wordpress.org/support/plugin/liveupx-security/) ## 外掛說明 Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever. #### Core Features **Login Security** * Brute force protection with progressive lockouts (1st/2nd/ 3rd+ strikes escalate automatically) * Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile * Honeypot bot detection (wp-login.php + WooCommerce)* Passwordless magic link login * Two-factor authentication: TOTP (Google Authenticator) + Email OTP * Trusted device (30-day bypass cookie) * Geolocation login alerts — notify when login comes from a new country * Subnet auto-blocking (repeated attacks from /24 range) * Custom login URL (hide wp-login.php) **Firewall / WAF** * PHP-based Web Application Firewall running at priority 1 * Remote WAF rule feed (auto-updated from liveupx.com) * Admin-defined custom firewall rules * Per-endpoint rate limiting (REST API, checkout, search, etc.) * REST API security controls (block guests, hide /users endpoint) * Country/geo blocking with API fallback chain * Bad bot blocking with verified bot allowlist (Google, Bing, etc.) * Referrer blocking with spam referrer presets * Bad query/XSS/SQL injection blocking * .htaccess security rules **Malware Scanner** * Chunked AJAX scanner — scans plugins, themes, uploads, mu- plugins * 30+ malware patterns including backdoors, crypto miners, shell injections* Heuristic risk scoring (0–100) per suspicious file * Auto-quarantine critical findings during scan * Scan diff — shows new threats vs last scan * Database malware scanner( posts, options, comments, users) * File quarantine and permanent delete **Vulnerability Scanner** * Powered by WPScan API (free tier) * Scans all active plugins and active theme for known CVEs * CVSS severity scoring (Critical/High/Medium/ Low) * Dashboard widget showing unresolved critical/high count * Dedicated Vulnerabilities admin page **File Integrity** * WordPress core file integrity check (vs WordPress.org checksums API) * Plugin & theme checksum verification (vs WordPress.org checksums) * wp-config. php and .htaccess tampering detection * Unknown PHP file detection in core directories **Core File Repair** * Downloads clean copies from WordPress.org SVN * MD5 verification before writing * Single file or bulk repair **Security Headers** * X-Frame-Options, X-Content-Type-Options, X-XSS-Protection* Referrer-Policy, Permissions-Policy (per-feature builder) * HSTS with preload support* Content-Security-Policy with visual builder * CSP violation reporting endpoint ( REST API) * A–F letter grade for your header configuration **User Security** * User enumeration protection (?author= + REST API) * Strong password enforcement * Block dangerous usernames (admin, root, etc.) * Inactive user auto-lock (configurable threshold) * Admin action audit trail * Active session manager (view & revoke) * GDPR IP anonymization **Post-Hack Recovery** * Lock PHP execution in uploads and wp-includes * Log out all users instantly * Force password reset for all users * Reinstall free plugins from WordPress.org * Delete version-revealing files (readme.html, etc.) * Weekly security summary email report **Monitoring & Notifications** * Activity log (filterable, paginated, CSV export, configurable retention) * HTML branded email alerts * Slack/webhook notifications( compatible with Make.com, Zapier, Discord) * Real-time dashboard stats (auto-refresh every 30s) * 7-day login attempt chart **Developer Tools** * WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip| 2fa-reset|export-settings|import-settings) * Settings import/export (JSON) * Security score with category breakdown Developed by [Liveupx.com](https://liveupx.com) Cloud hosting partner: [xHost](https://xhost.live)— by Liveupx.com [Featured on JustHunt.co](https://justhunt.co/startups/x-security) ## 螢幕擷圖 * [[ * [[ * [[ * [[ * [[ * [[ ## 安裝方式 1. Upload the plugin files to `/wp-content/plugins/liveupx-security` 2. Activate the plugin through the ‘Plugins’ screen 3. Navigate to **Liveupx Security** in the admin menu 4. Review your security score and enable recommended features ## 常見問題集 ### Is this plugin really 100% free? Yes. All features are free forever. No premium tier, no feature paywalls, no upsells. ### Will it conflict with other security plugins? It’s designed to work standalone. Deactivate conflicting security plugins (Wordfence, iThemes) before using. ### Does it support WooCommerce? Yes — honeypot and CAPTCHA protection apply to WooCommerce login forms. ### Does it support multisite? Basic multisite support in v4.0.0. Network-wide management is planned for v5. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈Liveupx Security〉的開發相關工作。 參與者 * [ Liveupx ](https://profiles.wordpress.org/liveupx/) [將〈Liveupx Security〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/liveupx-security) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/liveupx-security/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/liveupx-security/),或透過 [RSS](https://plugins.trac.wordpress.org/log/liveupx-security/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/liveupx-security/)。 ## 變更記錄 #### 4.0.1 * FIX: Custom Login URL feature now correctly serves the login page at the custom slug * FIX: Direct wp-login.php access now properly returns 404 for non-authenticated visitors * FIX: Password reset, logout, and other core WordPress actions no longer blocked by custom login URL * FIX: Logged-in administrators can still access wp-login.php directly * FIX: Replaced PHP parse_url() with WordPress wp_parse_url() for coding standards compliance #### 4.0.0 * NEW: Multi-provider CAPTCHA (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile) * NEW: Magic link / passwordless login * NEW: Progressive lockouts (escalating duration per IP) * NEW: Trusted device (30-day 2FA bypass cookie) * NEW: Geolocation login alerts with one-click account lock * NEW: Subnet auto-blocking * NEW: Remote WAF rule feed * NEW: Admin-defined custom firewall rules * NEW: Per-endpoint rate limiting * NEW: REST API security controls * NEW: Verified bot allowlist (Google, Bing, etc.) * NEW: Referrer blocking with spam presets * NEW: Vulnerability Scanner (WPScan API) * NEW: Database malware scanner * NEW: Plugin/theme checksum verification * NEW: wp-config.php and .htaccess integrity check * NEW: Heuristic risk scoring (0–100) for malware * NEW: Auto-quarantine on scan * NEW: Scan diff (new vs cleared threats) * NEW: HTML email templates for all alerts * NEW: Webhook/Slack notifications * NEW: Real-time dashboard stats * NEW: 7-day login attempt chart * NEW: Security score breakdown by category * NEW: Inactive user auto-lock * NEW: Admin action audit trail * NEW: Active session manager * NEW: GDPR IP anonymization * NEW: WP-CLI commands * NEW: Settings import/export (JSON) * NEW: Configurable log retention * NEW: CSP visual builder * NEW: CSP violation reporting endpoint * NEW: Permissions-Policy per-feature builder * NEW: Security header A–F grade * NEW: Vulnerabilities admin page * FIX: TOTP user_id detection on Edit User page * FIX: DISALLOW_FILE_MODS now properly wired * FIX: RSS toggle uses AJAX save (not fragile hidden form) * FIX: WooCommerce login honeypot and CAPTCHA support * FIX: Geo API fallback chain (ip-api.com ipapi.co skip) #### 3.0.0 * TOTP 2FA (Google Authenticator), email OTP fallback, backup codes * Core file repair (download from WordPress.org SVN with checksum verification) * Post-Hack recovery tools * Malware quarantine and permanent delete ## 中繼資料 * 版本 **4.0.1** * 最後更新 **2 個月前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 5.0 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/liveupx-security/) * 標籤: * [2FA](https://tw.wordpress.org/plugins/tags/2fa/)[firewall](https://tw.wordpress.org/plugins/tags/firewall/) [login protection](https://tw.wordpress.org/plugins/tags/login-protection/)[malware scanner](https://tw.wordpress.org/plugins/tags/malware-scanner/) [security](https://tw.wordpress.org/plugins/tags/security/) * [進階檢視](https://tw.wordpress.org/plugins/liveupx-security/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/liveupx-security/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/liveupx-security/reviews/) ## 參與者 * [ Liveupx ](https://profiles.wordpress.org/liveupx/) ## 技術支援 最近 2 個月解決的問題: 總計 1 個問題,已解決 1 個 [檢視技術支援論壇](https://wordpress.org/support/plugin/liveupx-security/)