Title: Liveupx Security Author: Liveupx Published: 9 de enero de 2026 Last modified: 21 de marzo de 2026 --- Buscar plugins ![](https://ps.w.org/liveupx-security/assets/banner-772x250.png?rev=3447278) ![](https://ps.w.org/liveupx-security/assets/icon.svg?rev=3447278) # Liveupx Security Por [Liveupx](https://profiles.wordpress.org/liveupx/) [Descargar](https://downloads.wordpress.org/plugin/liveupx-security.4.0.0.zip) * [Detalles](https://es.wordpress.org/plugins/liveupx-security/#description) * [Valoraciones](https://es.wordpress.org/plugins/liveupx-security/#reviews) * [Instalación](https://es.wordpress.org/plugins/liveupx-security/#installation) * [Desarrollo](https://es.wordpress.org/plugins/liveupx-security/#developers) [Soporte](https://wordpress.org/support/plugin/liveupx-security/) ## Descripción Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever. #### Core Features **Login Security** * Brute force protection with progressive lockouts (1st/2nd/ 3rd+ strikes escalate automatically) * Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile * Honeypot bot detection (wp-login.php + WooCommerce)* Passwordless magic link login * Two-factor authentication: TOTP (Google Authenticator) + Email OTP * Trusted device (30-day bypass cookie) * Geolocation login alerts — notify when login comes from a new country * Subnet auto-blocking (repeated attacks from /24 range) * Custom login URL (hide wp-login.php) **Firewall / WAF** * PHP-based Web Application Firewall running at priority 1 * Remote WAF rule feed (auto-updated from liveupx.com) * Admin-defined custom firewall rules * Per-endpoint rate limiting (REST API, checkout, search, etc.) * REST API security controls (block guests, hide /users endpoint) * Country/geo blocking with API fallback chain * Bad bot blocking with verified bot allowlist (Google, Bing, etc.) * Referrer blocking with spam referrer presets * Bad query/XSS/SQL injection blocking * .htaccess security rules **Malware Scanner** * Chunked AJAX scanner — scans plugins, themes, uploads, mu- plugins * 30+ malware patterns including backdoors, crypto miners, shell injections* Heuristic risk scoring (0–100) per suspicious file * Auto-quarantine critical findings during scan * Scan diff — shows new threats vs last scan * Database malware scanner( posts, options, comments, users) * File quarantine and permanent delete **Vulnerability Scanner** * Powered by WPScan API (free tier) * Scans all active plugins and active theme for known CVEs * CVSS severity scoring (Critical/High/Medium/ Low) * Dashboard widget showing unresolved critical/high count * Dedicated Vulnerabilities admin page **File Integrity** * WordPress core file integrity check (vs WordPress.org checksums API) * Plugin & theme checksum verification (vs WordPress.org checksums) * wp-config. php and .htaccess tampering detection * Unknown PHP file detection in core directories **Core File Repair** * Downloads clean copies from WordPress.org SVN * MD5 verification before writing * Single file or bulk repair **Security Headers** * X-Frame-Options, X-Content-Type-Options, X-XSS-Protection* Referrer-Policy, Permissions-Policy (per-feature builder) * HSTS with preload support* Content-Security-Policy with visual builder * CSP violation reporting endpoint ( REST API) * A–F letter grade for your header configuration **User Security** * User enumeration protection (?author= + REST API) * Strong password enforcement * Block dangerous usernames (admin, root, etc.) * Inactive user auto-lock (configurable threshold) * Admin action audit trail * Active session manager (view & revoke) * GDPR IP anonymization **Post-Hack Recovery** * Lock PHP execution in uploads and wp-includes * Log out all users instantly * Force password reset for all users * Reinstall free plugins from WordPress.org * Delete version-revealing files (readme.html, etc.) * Weekly security summary email report **Monitoring & Notifications** * Activity log (filterable, paginated, CSV export, configurable retention) * HTML branded email alerts * Slack/webhook notifications( compatible with Make.com, Zapier, Discord) * Real-time dashboard stats (auto-refresh every 30s) * 7-day login attempt chart **Developer Tools** * WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip| 2fa-reset|export-settings|import-settings) * Settings import/export (JSON) * Security score with category breakdown Developed by [Liveupx.com](https://liveupx.com) Cloud hosting partner: [xHost](https://xhost.live)— by Liveupx.com [Featured on JustHunt.co](https://justhunt.co/startups/x-security) ## Capturas * [[ * [[ * [[ * [[ * [[ * [[ ## Instalación 1. Upload the plugin files to `/wp-content/plugins/liveupx-security` 2. Activate the plugin through the ‘Plugins’ screen 3. Navigate to **Liveupx Security** in the admin menu 4. Review your security score and enable recommended features ## FAQ ### Is this plugin really 100% free? Yes. All features are free forever. No premium tier, no feature paywalls, no upsells. ### Will it conflict with other security plugins? It’s designed to work standalone. Deactivate conflicting security plugins (Wordfence, iThemes) before using. ### Does it support WooCommerce? Yes — honeypot and CAPTCHA protection apply to WooCommerce login forms. ### Does it support multisite? Basic multisite support in v4.0.0. Network-wide management is planned for v5. ## Reseñas No hay valoraciones para este plugin. ## Colaboradores y desarrolladores «Liveupx Security» es un software de código abierto. Las siguientes personas han colaborado con este plugin. Colaboradores * [ Liveupx ](https://profiles.wordpress.org/liveupx/) [Traduce «Liveupx Security» a tu idioma.](https://translate.wordpress.org/projects/wp-plugins/liveupx-security) ### ¿Interesado en el desarrollo? [Revisa el código](https://plugins.trac.wordpress.org/browser/liveupx-security/), echa un vistazo al [repositorio SVN](https://plugins.svn.wordpress.org/liveupx-security/) o suscríbete al [registro de desarrollo](https://plugins.trac.wordpress.org/log/liveupx-security/) por [RSS](https://plugins.trac.wordpress.org/log/liveupx-security/?limit=100&mode=stop_on_copy&format=rss). ## Registro de cambios #### 4.0.0 * NEW: Multi-provider CAPTCHA (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile) * NEW: Magic link / passwordless login * NEW: Progressive lockouts (escalating duration per IP) * NEW: Trusted device (30-day 2FA bypass cookie) * NEW: Geolocation login alerts with one-click account lock * NEW: Subnet auto-blocking * NEW: Remote WAF rule feed * NEW: Admin-defined custom firewall rules * NEW: Per-endpoint rate limiting * NEW: REST API security controls * NEW: Verified bot allowlist (Google, Bing, etc.) * NEW: Referrer blocking with spam presets * NEW: Vulnerability Scanner (WPScan API) * NEW: Database malware scanner * NEW: Plugin/theme checksum verification * NEW: wp-config.php and .htaccess integrity check * NEW: Heuristic risk scoring (0–100) for malware * NEW: Auto-quarantine on scan * NEW: Scan diff (new vs cleared threats) * NEW: HTML email templates for all alerts * NEW: Webhook/Slack notifications * NEW: Real-time dashboard stats * NEW: 7-day login attempt chart * NEW: Security score breakdown by category * NEW: Inactive user auto-lock * NEW: Admin action audit trail * NEW: Active session manager * NEW: GDPR IP anonymization * NEW: WP-CLI commands * NEW: Settings import/export (JSON) * NEW: Configurable log retention * NEW: CSP visual builder * NEW: CSP violation reporting endpoint * NEW: Permissions-Policy per-feature builder * NEW: Security header A–F grade * NEW: Vulnerabilities admin page * FIX: TOTP user_id detection on Edit User page * FIX: DISALLOW_FILE_MODS now properly wired * FIX: RSS toggle uses AJAX save (not fragile hidden form) * FIX: WooCommerce login honeypot and CAPTCHA support * FIX: Geo API fallback chain (ip-api.com ipapi.co skip) #### 3.0.0 * TOTP 2FA (Google Authenticator), email OTP fallback, backup codes * Core file repair (download from WordPress.org SVN with checksum verification) * Post-Hack recovery tools * Malware quarantine and permanent delete ## Meta * Versión **4.0.0** * Última actualización **hace 2 semanas** * Instalaciones activas **Menos de 10** * Versión de WordPress ** 5.0 o superior ** * Probado hasta **6.9.4** * Versión de PHP ** 7.4 o superior ** * Idioma * [English (US)](https://wordpress.org/plugins/liveupx-security/) * Etiquetas: * [2FA](https://es.wordpress.org/plugins/tags/2fa/)[firewall](https://es.wordpress.org/plugins/tags/firewall/) [login protection](https://es.wordpress.org/plugins/tags/login-protection/)[malware scanner](https://es.wordpress.org/plugins/tags/malware-scanner/) [security](https://es.wordpress.org/plugins/tags/security/) * [Vista avanzada](https://es.wordpress.org/plugins/liveupx-security/advanced/) ## Valoraciones Aún no se han enviado valoraciones. [Añadir mi reseña](https://wordpress.org/support/plugin/liveupx-security/reviews/#new-post) [Ver todas las valoraciones](https://wordpress.org/support/plugin/liveupx-security/reviews/) ## Colaboradores * [ Liveupx ](https://profiles.wordpress.org/liveupx/) ## Soporte ¿Tienes algo que decir? ¿Necesitas ayuda? [Ver el foro de soporte](https://wordpress.org/support/plugin/liveupx-security/)