Lumiverse Security Watchdog Lite
Dashboard with health status, Live Watch overview, and Traffic Shield statistics
Lumiverse Security Watchdog Lite
Lumiverse Security Watchdog Lite is a lightweight yet powerful WordPress security plugin designed to detect early signs of compromise and reduce common attack surfaces.
It runs automated background scans and alerts you when something suspicious is detected.
What it monitors
✔ Malware signatures (JS & PHP)
Scans files for known malware patterns including injectors, obfuscated scripts, and common webshell families.
✔ Changed JavaScript files
Detects modified .js files and analyzes them for suspicious behavior.
✔ Live Watch Mode
Adds a lightweight metadata watcher for risky files. In Lite it tracks up to 3000 files and monitors uploads, plugins, themes, wp-content root and optional WordPress core paths.
✔ Plugins (new, deleted, suspicious)
– Detects newly installed or removed plugins
– Flags suspicious plugin names (e.g. random/hash-based folders)
– Detects known fake/suspicious plugin families from the remote threat feed
✔ Core integrity checks
– Flags important WordPress core files modified recently
– Scans recent core PHP files for suspicious patterns
✔ Uploads directory scanning
– Detects PHP files inside uploads (common malware location)
– Detects executable files (php, phtml, phar, etc.)
✔ Admin user monitoring
– Detects new admin accounts
– Flags suspicious admin usernames or invalid emails
✔ Database backdoor indicators
– Detects suspicious entries used by hidden admin exploits
Security Hardening Features
Reduce attack surface with one-click protections:
✔ Block XML-RPC
✔ Disable application passwords
✔ Disable file editing (wp-admin editor)
✔ Disable plugin/theme installation & updates (optional)
✔ Disable plugin/theme deletion
✔ Hide login error messages
✔ Login Guard with safe Lite defaults
✔ Block pingbacks
✔ Block user enumeration
✔ Block comments sitewide
✔ Block password reset for administrators
Traffic Shield Features
✔ Smart behavior-based IP traffic protection
✔ Internal abuse scoring to identify abusive patterns without relying only on raw request counts
✔ WooCommerce-aware cart/wishlist protection for common add-to-cart and add-to-wishlist floods
✔ XML-RPC request blocking
✔ Dynamic 404 flood protection
✔ Suspicious query string blocking
✔ Emergency Mode that activates only when high site-wide traffic pressure is combined with suspicious request pressure
✔ Whitelisted IPs for trusted office, developer or administrator addresses
✔ Live Monitor for current traffic and block status
Alerts & Monitoring
✔ Email notifications when threats are detected
✔ Optional Live Watch email alerts
✔ Optional auto-fix to disable user registration
✔ Admin hygiene warnings (e.g. weak usernames)
Performance Focused
✔ Fast Mode: scan only recently modified files
✔ Live Watch uses file metadata instead of full content hashing
✔ Lightweight: no heavy server load
✔ Designed to work alongside plugins like Wordfence
Important
This plugin does NOT automatically clean malware.
It is a detection and monitoring tool that helps you:
– detect compromises early
– understand what changed
– take action before damage spreads