Title: Liveupx Security Author: Liveupx Published: 9 janvier 2026 Last modified: 9 avril 2026 --- Recherche d’extensions ![](https://ps.w.org/liveupx-security/assets/banner-772x250.png?rev=3447278) ![](https://ps.w.org/liveupx-security/assets/icon.svg?rev=3447278) # Liveupx Security Par [Liveupx](https://profiles.wordpress.org/liveupx/) [Télécharger](https://downloads.wordpress.org/plugin/liveupx-security.4.0.1.zip) * [Détails](https://fr.wordpress.org/plugins/liveupx-security/#description) * [Avis](https://fr.wordpress.org/plugins/liveupx-security/#reviews) * [Installation](https://fr.wordpress.org/plugins/liveupx-security/#installation) * [Développement](https://fr.wordpress.org/plugins/liveupx-security/#developers) [Support](https://wordpress.org/support/plugin/liveupx-security/) ## Description Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever. #### Core Features **Login Security** * Brute force protection with progressive lockouts (1st/2nd/ 3rd+ strikes escalate automatically) * Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile * Honeypot bot detection (wp-login.php + WooCommerce)* Passwordless magic link login * Two-factor authentication: TOTP (Google Authenticator) + Email OTP * Trusted device (30-day bypass cookie) * Geolocation login alerts — notify when login comes from a new country * Subnet auto-blocking (repeated attacks from /24 range) * Custom login URL (hide wp-login.php) **Firewall / WAF** * PHP-based Web Application Firewall running at priority 1 * Remote WAF rule feed (auto-updated from liveupx.com) * Admin-defined custom firewall rules * Per-endpoint rate limiting (REST API, checkout, search, etc.) * REST API security controls (block guests, hide /users endpoint) * Country/geo blocking with API fallback chain * Bad bot blocking with verified bot allowlist (Google, Bing, etc.) * Referrer blocking with spam referrer presets * Bad query/XSS/SQL injection blocking * .htaccess security rules **Malware Scanner** * Chunked AJAX scanner — scans plugins, themes, uploads, mu- plugins * 30+ malware patterns including backdoors, crypto miners, shell injections* Heuristic risk scoring (0–100) per suspicious file * Auto-quarantine critical findings during scan * Scan diff — shows new threats vs last scan * Database malware scanner( posts, options, comments, users) * File quarantine and permanent delete **Vulnerability Scanner** * Powered by WPScan API (free tier) * Scans all active plugins and active theme for known CVEs * CVSS severity scoring (Critical/High/Medium/ Low) * Dashboard widget showing unresolved critical/high count * Dedicated Vulnerabilities admin page **File Integrity** * WordPress core file integrity check (vs WordPress.org checksums API) * Plugin & theme checksum verification (vs WordPress.org checksums) * wp-config. php and .htaccess tampering detection * Unknown PHP file detection in core directories **Core File Repair** * Downloads clean copies from WordPress.org SVN * MD5 verification before writing * Single file or bulk repair **Security Headers** * X-Frame-Options, X-Content-Type-Options, X-XSS-Protection* Referrer-Policy, Permissions-Policy (per-feature builder) * HSTS with preload support* Content-Security-Policy with visual builder * CSP violation reporting endpoint ( REST API) * A–F letter grade for your header configuration **User Security** * User enumeration protection (?author= + REST API) * Strong password enforcement * Block dangerous usernames (admin, root, etc.) * Inactive user auto-lock (configurable threshold) * Admin action audit trail * Active session manager (view & revoke) * GDPR IP anonymization **Post-Hack Recovery** * Lock PHP execution in uploads and wp-includes * Log out all users instantly * Force password reset for all users * Reinstall free plugins from WordPress.org * Delete version-revealing files (readme.html, etc.) * Weekly security summary email report **Monitoring & Notifications** * Activity log (filterable, paginated, CSV export, configurable retention) * HTML branded email alerts * Slack/webhook notifications( compatible with Make.com, Zapier, Discord) * Real-time dashboard stats (auto-refresh every 30s) * 7-day login attempt chart **Developer Tools** * WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip| 2fa-reset|export-settings|import-settings) * Settings import/export (JSON) * Security score with category breakdown Developed by [Liveupx.com](https://liveupx.com) Cloud hosting partner: [xHost](https://xhost.live)— by Liveupx.com [Featured on JustHunt.co](https://justhunt.co/startups/x-security) ## Captures d’écrans * [[ * [[ * [[ * [[ * [[ * [[ ## Installation 1. Upload the plugin files to `/wp-content/plugins/liveupx-security` 2. Activate the plugin through the ‘Plugins’ screen 3. Navigate to **Liveupx Security** in the admin menu 4. Review your security score and enable recommended features ## FAQ ### Is this plugin really 100% free? Yes. All features are free forever. No premium tier, no feature paywalls, no upsells. ### Will it conflict with other security plugins? It’s designed to work standalone. Deactivate conflicting security plugins (Wordfence, iThemes) before using. ### Does it support WooCommerce? Yes — honeypot and CAPTCHA protection apply to WooCommerce login forms. ### Does it support multisite? Basic multisite support in v4.0.0. Network-wide management is planned for v5. ## Avis Il n’y a aucun avis pour cette extension. ## Contributeurs/contributrices & développeurs/développeuses « Liveupx Security » est un logiciel libre. Les personnes suivantes ont contribué à cette extension. Contributeurs * [ Liveupx ](https://profiles.wordpress.org/liveupx/) [Traduisez « Liveupx Security » dans votre langue.](https://translate.wordpress.org/projects/wp-plugins/liveupx-security) ### Le développement vous intéresse ? [Parcourir le code](https://plugins.trac.wordpress.org/browser/liveupx-security/), consulter le [SVN dépôt](https://plugins.svn.wordpress.org/liveupx-security/), ou s’inscrire au [journal de développement](https://plugins.trac.wordpress.org/log/liveupx-security/) par [RSS](https://plugins.trac.wordpress.org/log/liveupx-security/?limit=100&mode=stop_on_copy&format=rss). ## Journal des modifications #### 4.0.1 * FIX: Custom Login URL feature now correctly serves the login page at the custom slug * FIX: Direct wp-login.php access now properly returns 404 for non-authenticated visitors * FIX: Password reset, logout, and other core WordPress actions no longer blocked by custom login URL * FIX: Logged-in administrators can still access wp-login.php directly * FIX: Replaced PHP parse_url() with WordPress wp_parse_url() for coding standards compliance #### 4.0.0 * NEW: Multi-provider CAPTCHA (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile) * NEW: Magic link / passwordless login * NEW: Progressive lockouts (escalating duration per IP) * NEW: Trusted device (30-day 2FA bypass cookie) * NEW: Geolocation login alerts with one-click account lock * NEW: Subnet auto-blocking * NEW: Remote WAF rule feed * NEW: Admin-defined custom firewall rules * NEW: Per-endpoint rate limiting * NEW: REST API security controls * NEW: Verified bot allowlist (Google, Bing, etc.) * NEW: Referrer blocking with spam presets * NEW: Vulnerability Scanner (WPScan API) * NEW: Database malware scanner * NEW: Plugin/theme checksum verification * NEW: wp-config.php and .htaccess integrity check * NEW: Heuristic risk scoring (0–100) for malware * NEW: Auto-quarantine on scan * NEW: Scan diff (new vs cleared threats) * NEW: HTML email templates for all alerts * NEW: Webhook/Slack notifications * NEW: Real-time dashboard stats * NEW: 7-day login attempt chart * NEW: Security score breakdown by category * NEW: Inactive user auto-lock * NEW: Admin action audit trail * NEW: Active session manager * NEW: GDPR IP anonymization * NEW: WP-CLI commands * NEW: Settings import/export (JSON) * NEW: Configurable log retention * NEW: CSP visual builder * NEW: CSP violation reporting endpoint * NEW: Permissions-Policy per-feature builder * NEW: Security header A–F grade * NEW: Vulnerabilities admin page * FIX: TOTP user_id detection on Edit User page * FIX: DISALLOW_FILE_MODS now properly wired * FIX: RSS toggle uses AJAX save (not fragile hidden form) * FIX: WooCommerce login honeypot and CAPTCHA support * FIX: Geo API fallback chain (ip-api.com ipapi.co skip) #### 3.0.0 * TOTP 2FA (Google Authenticator), email OTP fallback, backup codes * Core file repair (download from WordPress.org SVN with checksum verification) * Post-Hack recovery tools * Malware quarantine and permanent delete ## Méta * Version **4.0.1** * Dernière mise à jour **il y a 2 jours** * Installations actives **Moins de 10** * Version de WordPress ** 5.0 ou plus ** * Testé jusqu’à **6.9.4** * Version de PHP ** 7.4 ou plus ** * Langue * [English (US)](https://wordpress.org/plugins/liveupx-security/) * Étiquettes * [2FA](https://fr.wordpress.org/plugins/tags/2fa/)[firewall](https://fr.wordpress.org/plugins/tags/firewall/) [login protection](https://fr.wordpress.org/plugins/tags/login-protection/)[malware scanner](https://fr.wordpress.org/plugins/tags/malware-scanner/) [security](https://fr.wordpress.org/plugins/tags/security/) * [Vue avancée](https://fr.wordpress.org/plugins/liveupx-security/advanced/) ## Évaluations Aucun avis n’a encore été envoyé. [Your review](https://wordpress.org/support/plugin/liveupx-security/reviews/#new-post) [Voir tous les avis](https://wordpress.org/support/plugin/liveupx-security/reviews/) ## Contributeurs * [ Liveupx ](https://profiles.wordpress.org/liveupx/) ## Support Demandes résolues ces deux derniers mois : 1 sur 1 [Voir le forum de support](https://wordpress.org/support/plugin/liveupx-security/)