Abstract: Proactive defense against face forgery disrupts the generative ability of forgery models by adding imper-ceptible perturbations to the faces to be protected. The recent latent adversarial exploration (LAE) algo-rithm achieves better perturbation imperceptibility but the semantic information of its defensed faces is prone to be altered and its nullifying output after successful defense is prone to be edited by the forgery models. Therefore, this paper proposes an imperceptible proactive defense algorithm against second facial attribute editing. To address the problem of face semantic information alteration that is unacceptable to some face owners, the incompletely reversible encoder-generator structure in LAE is replaced by an or-thogonal discrete wavelet transform, and the perturbations are performed in the discrete wavelet transform domain; to address the problem that the nullifying outputs after successful defense are easily edited by the forgery models again, the nullifying attack in LAE is replaced by the non-targeted attack. Furthermore, to improve the visual quality of the defensed faces, the perturbations are added in chrominance channels of YCbCr color space because the human visual system is more sensitive to the perturbations in luminance channel; to increase the universality of the defensed faces, an ensemble strategy with dynamically updated weights is used for training. Experiments on the CelebA-HQ dataset with some mainstream algorithms show that the proposed algorithm improves the average attack success rate of the five face attribute editing mod-els by about 30%~43% compared to the two non-integrated algorithms, and 6%~9% compared to the three integrated algorithms, which better balances the imperceptibility of perturbation and the universality of defensed faces.