內容簡介
Liveupx Security 是一款完全免費的 WordPress 安全外掛,提供全面的安全防護功能,無需支付任何費用。它能有效對抗各種安全威脅,確保網站的安全性與穩定性。
【主要功能】
• 登入安全性:防止暴力破解與多種 CAPTCHA
• 防火牆:PHP 基礎的 Web 應用防火牆
• 惡意軟體掃描:檢查外掛、佈景主題及上傳檔案
• 漏洞掃描:檢查已知的 CVE 漏洞
• 檔案完整性檢查:驗證核心檔案及外掛的完整性
• 使用者安全性:強制使用強密碼與自動鎖定不活躍用戶
外掛標籤
開發者團隊
原文外掛簡介
Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever.
Core Features
Login Security
* Brute force protection with progressive lockouts (1st/2nd/3rd+ strikes escalate automatically)
* Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile
* Honeypot bot detection (wp-login.php + WooCommerce)
* Passwordless magic link login
* Two-factor authentication: TOTP (Google Authenticator) + Email OTP
* Trusted device (30-day bypass cookie)
* Geolocation login alerts — notify when login comes from a new country
* Subnet auto-blocking (repeated attacks from /24 range)
* Custom login URL (hide wp-login.php)
Firewall / WAF
* PHP-based Web Application Firewall running at priority 1
* Remote WAF rule feed (auto-updated from liveupx.com)
* Admin-defined custom firewall rules
* Per-endpoint rate limiting (REST API, checkout, search, etc.)
* REST API security controls (block guests, hide /users endpoint)
* Country/geo blocking with API fallback chain
* Bad bot blocking with verified bot allowlist (Google, Bing, etc.)
* Referrer blocking with spam referrer presets
* Bad query/XSS/SQL injection blocking
* .htaccess security rules
Malware Scanner
* Chunked AJAX scanner — scans plugins, themes, uploads, mu-plugins
* 30+ malware patterns including backdoors, crypto miners, shell injections
* Heuristic risk scoring (0–100) per suspicious file
* Auto-quarantine critical findings during scan
* Scan diff — shows new threats vs last scan
* Database malware scanner (posts, options, comments, users)
* File quarantine and permanent delete
Vulnerability Scanner
* Powered by WPScan API (free tier)
* Scans all active plugins and active theme for known CVEs
* CVSS severity scoring (Critical/High/Medium/Low)
* Dashboard widget showing unresolved critical/high count
* Dedicated Vulnerabilities admin page
File Integrity
* WordPress core file integrity check (vs WordPress.org checksums API)
* Plugin & theme checksum verification (vs WordPress.org checksums)
* wp-config.php and .htaccess tampering detection
* Unknown PHP file detection in core directories
Core File Repair
* Downloads clean copies from WordPress.org SVN
* MD5 verification before writing
* Single file or bulk repair
Security Headers
* X-Frame-Options, X-Content-Type-Options, X-XSS-Protection
* Referrer-Policy, Permissions-Policy (per-feature builder)
* HSTS with preload support
* Content-Security-Policy with visual builder
* CSP violation reporting endpoint (REST API)
* A–F letter grade for your header configuration
User Security
* User enumeration protection (?author= + REST API)
* Strong password enforcement
* Block dangerous usernames (admin, root, etc.)
* Inactive user auto-lock (configurable threshold)
* Admin action audit trail
* Active session manager (view & revoke)
* GDPR IP anonymization
Post-Hack Recovery
* Lock PHP execution in uploads and wp-includes
* Log out all users instantly
* Force password reset for all users
* Reinstall free plugins from WordPress.org
* Delete version-revealing files (readme.html, etc.)
* Weekly security summary email report
Monitoring & Notifications
* Activity log (filterable, paginated, CSV export, configurable retention)
* HTML branded email alerts
* Slack/webhook notifications (compatible with Make.com, Zapier, Discord)
* Real-time dashboard stats (auto-refresh every 30s)
* 7-day login attempt chart
Developer Tools
* WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip|2fa-reset|export-settings|import-settings)
* Settings import/export (JSON)
* Security score with category breakdown
Developed by Liveupx.com
Cloud hosting partner: xHost — by Liveupx.com
Featured on JustHunt.co
