Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever.<\/p>\n\n
Login Security<\/strong>\n* Brute force protection with progressive lockouts (1st\/2nd\/3rd+ strikes escalate automatically)\n* Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile\n* Honeypot bot detection (wp-login.php + WooCommerce)\n* Passwordless magic link login\n* Two-factor authentication: TOTP (Google Authenticator) + Email OTP\n* Trusted device (30-day bypass cookie)\n* Geolocation login alerts \u2014 notify when login comes from a new country\n* Subnet auto-blocking (repeated attacks from \/24 range)\n* Custom login URL (hide wp-login.php)<\/p>\n\n Firewall \/ WAF<\/strong>\n* PHP-based Web Application Firewall running at priority 1\n* Remote WAF rule feed (auto-updated from liveupx.com)\n* Admin-defined custom firewall rules\n* Per-endpoint rate limiting (REST API, checkout, search, etc.)\n* REST API security controls (block guests, hide \/users endpoint)\n* Country\/geo blocking with API fallback chain\n* Bad bot blocking with verified bot allowlist (Google, Bing, etc.)\n* Referrer blocking with spam referrer presets\n* Bad query\/XSS\/SQL injection blocking\n* .htaccess security rules<\/p>\n\n Malware Scanner<\/strong>\n* Chunked AJAX scanner \u2014 scans plugins, themes, uploads, mu-plugins\n* 30+ malware patterns including backdoors, crypto miners, shell injections\n* Heuristic risk scoring (0\u2013100) per suspicious file\n* Auto-quarantine critical findings during scan\n* Scan diff \u2014 shows new threats vs last scan\n* Database malware scanner (posts, options, comments, users)\n* File quarantine and permanent delete<\/p>\n\n Vulnerability Scanner<\/strong>\n* Powered by WPScan API (free tier)\n* Scans all active plugins and active theme for known CVEs\n* CVSS severity scoring (Critical\/High\/Medium\/Low)\n* Dashboard widget showing unresolved critical\/high count\n* Dedicated Vulnerabilities admin page<\/p>\n\n File Integrity<\/strong>\n* WordPress core file integrity check (vs WordPress.org checksums API)\n* Plugin & theme checksum verification (vs WordPress.org checksums)\n* wp-config.php and .htaccess tampering detection\n* Unknown PHP file detection in core directories<\/p>\n\n Core File Repair<\/strong>\n* Downloads clean copies from WordPress.org SVN\n* MD5 verification before writing\n* Single file or bulk repair<\/p>\n\n Security Headers<\/strong>\n* X-Frame-Options, X-Content-Type-Options, X-XSS-Protection\n* Referrer-Policy, Permissions-Policy (per-feature builder)\n* HSTS with preload support\n* Content-Security-Policy with visual builder\n* CSP violation reporting endpoint (REST API)\n* A\u2013F letter grade for your header configuration<\/p>\n\n User Security<\/strong>\n* User enumeration protection (?author= + REST API)\n* Strong password enforcement\n* Block dangerous usernames (admin, root, etc.)\n* Inactive user auto-lock (configurable threshold)\n* Admin action audit trail\n* Active session manager (view & revoke)\n* GDPR IP anonymization<\/p>\n\n Post-Hack Recovery<\/strong>\n* Lock PHP execution in uploads and wp-includes\n* Log out all users instantly\n* Force password reset for all users\n* Reinstall free plugins from WordPress.org\n* Delete version-revealing files (readme.html, etc.)\n* Weekly security summary email report<\/p>\n\n Monitoring & Notifications<\/strong>\n* Activity log (filterable, paginated, CSV export, configurable retention)\n* HTML branded email alerts\n* Slack\/webhook notifications (compatible with Make.com, Zapier, Discord)\n* Real-time dashboard stats (auto-refresh every 30s)\n* 7-day login attempt chart<\/p>\n\n Developer Tools<\/strong>\n* WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip|2fa-reset|export-settings|import-settings)\n* Settings import\/export (JSON)\n* Security score with category breakdown<\/p>\n\n Developed by Liveupx.com<\/a>\nCloud hosting partner: xHost<\/a> \u2014 by Liveupx.com\nFeatured on JustHunt.co<\/a><\/p>\n\n\n Yes. All features are free forever. No premium tier, no feature paywalls, no upsells.<\/p><\/dd>\n It's designed to work standalone. Deactivate conflicting security plugins (Wordfence, iThemes) before using.<\/p><\/dd>\n Yes \u2014 honeypot and CAPTCHA protection apply to WooCommerce login forms.<\/p><\/dd>\n Basic multisite support in v4.0.0. Network-wide management is planned for v5.<\/p><\/dd>\n\n<\/dl>\n\n\n\n
\/wp-content\/plugins\/liveupx-security<\/code><\/li>\n\n
Is this plugin really 100% free?<\/h3><\/dt>\n
Will it conflict with other security plugins?<\/h3><\/dt>\n
Does it support WooCommerce?<\/h3><\/dt>\n
Does it support multisite?<\/h3><\/dt>\n
4.0.0<\/h4>\n\n
\n
3.0.0<\/h4>\n\n
\n