Submit Changelog
Track Changelogs

Liveupx Security

Changelog

4.0.1

  • FIX: Custom Login URL feature now correctly serves the login page at the custom slug
  • FIX: Direct wp-login.php access now properly returns 404 for non-authenticated visitors
  • FIX: Password reset, logout, and other core WordPress actions no longer blocked by custom login URL
  • FIX: Logged-in administrators can still access wp-login.php directly
  • FIX: Replaced PHP parse_url() with WordPress wp_parse_url() for coding standards compliance

4.0.0

  • NEW: Multi-provider CAPTCHA (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile)
  • NEW: Magic link / passwordless login
  • NEW: Progressive lockouts (escalating duration per IP)
  • NEW: Trusted device (30-day 2FA bypass cookie)
  • NEW: Geolocation login alerts with one-click account lock
  • NEW: Subnet auto-blocking
  • NEW: Remote WAF rule feed
  • NEW: Admin-defined custom firewall rules
  • NEW: Per-endpoint rate limiting
  • NEW: REST API security controls
  • NEW: Verified bot allowlist (Google, Bing, etc.)
  • NEW: Referrer blocking with spam presets
  • NEW: Vulnerability Scanner (WPScan API)
  • NEW: Database malware scanner
  • NEW: Plugin/theme checksum verification
  • NEW: wp-config.php and .htaccess integrity check
  • NEW: Heuristic risk scoring (0–100) for malware
  • NEW: Auto-quarantine on scan
  • NEW: Scan diff (new vs cleared threats)
  • NEW: HTML email templates for all alerts
  • NEW: Webhook/Slack notifications
  • NEW: Real-time dashboard stats
  • NEW: 7-day login attempt chart
  • NEW: Security score breakdown by category
  • NEW: Inactive user auto-lock
  • NEW: Admin action audit trail
  • NEW: Active session manager
  • NEW: GDPR IP anonymization
  • NEW: WP-CLI commands
  • NEW: Settings import/export (JSON)
  • NEW: Configurable log retention
  • NEW: CSP visual builder
  • NEW: CSP violation reporting endpoint
  • NEW: Permissions-Policy per-feature builder
  • NEW: Security header A–F grade
  • NEW: Vulnerabilities admin page
  • FIX: TOTP user_id detection on Edit User page
  • FIX: DISALLOW_FILE_MODS now properly wired
  • FIX: RSS toggle uses AJAX save (not fragile hidden form)
  • FIX: WooCommerce login honeypot and CAPTCHA support
  • FIX: Geo API fallback chain (ip-api.com → ipapi.co → skip)

3.0.0

  • TOTP 2FA (Google Authenticator), email OTP fallback, backup codes
  • Core file repair (download from WordPress.org SVN with checksum verification)
  • Post-Hack recovery tools
  • Malware quarantine and permanent delete

Plugin Website
Visit website

Author
Liveupx
Version:
4.0.1
Last Updated
April 9, 2026
Requires
WordPress 5.0
Tested Up To
WordPress 6.9.4
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.