All-In-One Security plugin The All In One WordPress Security and Firewall is a distinct plugin specialized in the security of WordPress sites, which has won the trust of millions of users of this platform. Here we present a summary in which we explain about this plugin and the most important advantages it provides to the user. We have used several sources in writing this summary, on top of which comes the official website of the developers, as well as the opinions of users on the wordpress.org site, in addition to our personal opinion based on our experience with it.
We include here the users rating and a summary of their opinions on this plugin, according to the wordpress.org site. Final rating: 4.8 stars Rating percentages: 5 stars: 87% 4 stars: 10% 3 stars: 2% 2 stars: 0.5% 1 star: 0.5% All In One Security and Firewall is a well-received plugin that provides robust security features for WordPress sites. Users appreciate its comprehensive protection and ease of use, making it an excellent choice for website security.
What does All-In-One Security for WordPress do?
Protect against brute-force attacks and keep bots at bay. AIOS takes WordPress’ default login security features to a whole new level.
AIOS detects if an account has the default ‘admin’ username or if a user has identical login and display names, prompting the user to change this in support of better security practices.
Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
Hackers use automated code to attack websites like yours. Make life harder for them and protect your site with this simple but effective AIOS security feature.
External users making multiple login attempts can be locked out for a configured period of time. You can also lockout users with invalid usernames. See a list of all locked out users and unlock with one click.
AIOS provides a wealth of information about users of your WordPress website. View activity by username, IP address, login and logout dates and times. See a list of users currently logged in, and a list of all failed login attempts.
Ensure users don’t stay logged in indefinitely. With AIOS you can force logouts for all users after a configurable amount of time.
Add Google reCAPTCHA, plain maths CAPTCHA or a honeypot to registration pages to prevent spam registration or enable manual approval of user accounts instead.
Prevent external users and bots from fetching user information via author permalink.
Our unique role based feature allows site owners to turn off TFA for some user roles or make it compulsory for others. AIOS TFA supports Google Authenticator, Microsoft Authenticator, Authy and many more.
Calculates how long it would take for your password to be cracked in the event of a brute force attack.
Put your site into “maintenance mode” and lock down the front-end to all visitors. This can be useful while doing back end tasks, like performing site upgrades or investigating security threats.
A Web Application Firewall (WAF) is your website's first line of defence, protecting your site by monitoring traffic and blocking malicious requests. Activate firewall settings ranging from basic, intermediate and advanced. Get comprehensive and instant protection with All-In-One Security.
ur team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers
Web servers process the .htaccess file before anything else on your site. AIOS firewall adds rules to your .htaccess file to deny access to both itself and your wp-config.php file, limit file upload size and disable the server signature.
AIOS incorporates ‘6G Blacklist’ firewall rules, protecting your site against a known list of malicious URL requests, bots, spam referrers and other attacks (courtesy of Perishable Press).
Bots presenting as Google crawlers can steal your content and litter your webpage with comment spam. Protect against it with AIOS Firewall.
Ban users by IP address, IP address range or by specifying user agents.
Prevent malicious users from performing DDOS attacks through a known vulnerability in WordPress XML-RPC pingback functionality.
Protect server bandwidth and your website’s content by preventing other sites from using your imagery via hotlinking.
AIOS prevents attackers from injecting malicious script into your website via a special cookie.
Our scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
Identify files or folders where the permission settings are not secure and correct with one-click.
Advanced users can add custom rules to block access to various resources on your site.
Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.
Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.
Webpages littered with spam comments damage your brand, effect the user experience and impact SEO. AIOS stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks Spammers’ IP addresses. Site owners can use reCAPTCHA to reduce comment spam and block malicious users with just one click.
Preventing other websites from reproducing your content via an ‘iFrame’ is an important feature that protects your intellectual property and your website visitors.
Stop users from stealing your content by disabling the right-click, select and copy text function.
RSS and Atom Feeds can be used by bots to ‘scrape’ your website content and present it as their own. This feature prevents that by disabling RSS and Atom Feeds on your website.
Get Malware scanning, Flexible Two-Factor Authentication, Smart 404 Blocking, Country Blocking, Premium Support and extra peace of mind with AIOS Premium.
Finding out by accident that your site has been infected with malware is too late. Malware can have a dramatic effect on your site’s search rankings and you may not even know about it. It can slow your WordPress site down, access customer data, send unsolicited emails, change your content or prevent users from accessing it.
Best-in-class scanning for the latest malware, trojans and spyware 24/7.
A site hacked with malicious code can very quickly be blacklisted by search engines. AIOS Premium monitors your site’s blacklist status daily.
We’ll notify you of any issues within 24 hours so you can take action, before it’s too late.
You’ll know immediately if website response time is negatively affected.
AIOS checks website uptime every 5 minutes! We’ll notify you straight away if your site/server goes down.
Register and remove WordPress sites from the scanning service at any time.
Reports are available via the ‘My Account’ page and directly via email.
If issues are detected, our dedicated team here to help.
With Two-Factor Authentication (TFA) users enter their username and password and a one-time code sent to a device to login. TFA is a feature in both our free and premium packages, but AIOS Premium affords whole new levels of control over how TFA is implemented.
Make TFA compulsory for certain roles, e.g. for admin and editor roles.
For example, you could require all admins to have TFA once their accounts are a week old.
Ask for TFA after a chosen number of days for trusted devices instead of on every login.
Option to hide the existence of forms on WooCommerce login pages unless JavaScript is active.
Customise the design of TFA so that it aligns with your existing web design.
Generate a one-time use emergency code to allow access if your device is lost.
Compatible with WordPress multisite networks and sub-sites.
Support for WooCommerce and Affiliates-WP, Elementor Pro, bbPress and all third-party login forms without any further coding needed. Also compatible with ‘Theme my Login’.
AIOS supports TOTP and HOTP protocols. It can be used with Google and Microsoft Authenticator, Authy and many more.
404 errors can occur when someone legitimately mistypes a URL, but they’re also generated by hackers searching for weaknesses in your site.
AIOS Premium provides more protection than the competition by automatically and permanently blocking IP addresses of bots and hackers based on how many 404 errors they generate.
Handy charts keep you informed of how many 404s have occurred and which IP address or country is producing them.
Most malicious attacks come from a handful of countries and so it’s possible to prevent most attacks with our country blocking tool.
AIOS Premium utilises an IP database that promises 99.5% accuracy.
Block access to your whole WordPress site or on a page-by-page basis.
Whitelist IP addresses or IP ranges even if they are part of a blocked country.
Premium Support for Premium Customers
Personalised, email support from our team of Security experts, as and when you need it.
We offer a guaranteed response time of three days. 99% of AIOS Premium customers receive a response to their enquiry within 24 hours.
Note: All the following questions and answers are taken from the support section of the AIOS
Yes. AIOS works smoothly with most popular WordPress plugins.
Yes. WordPress Security is something that evolves over time. We update AIOS with new security features (and fixes if required) on a regular basis so you can be assured that your site will keep benefitting from new security protection techniques for as long as you need them.
No.
The decision is yours to make. ‘Free’ AIOS incorporates a web application firewall, comprehensive login security tools including two-factor authentication and all the latest recommended WordPress security practices and techniques.But if your WordPress site is a business website, if it showcases what you do, or who you are, we generally recommend AIOS Premium. Prices start from as little as $70 for the year.
AIOS Premium scans your WordPress website for malware whilst aso monitoring your site’s response time and uptime, notifying you of any issues within 24 hours, AIOS Premium customers also benefit from hands-on ticketed support via email (rather than via WP Support forums).Additional security tools include Country Blocking, Smart 404 Error Blocking and Advanced Two Factor Authentication.More information is available from our All-In-One Security website
In the web shop, purchase your preferred subscription. After completing the purchase, you will be emailed a link to download the plugin. You can also access the link through your “My Account” page.After downloading the zip file, install and activate the plugin through WP Admin->Plugins->Add New->Upload Plugin.The premium extends the free version. Therefore you should keep the free version installed and active. You will also be prompted to enter your AIOS username and password to connect your site to licenses. This will allow the plugin to receive updates.
No, you do not need to have the free version of the plugin installed before installing Premium. The premium plugin will automatically deactivate the free version if it is installed on the site.
Yes, AIOS Premium is compatible with WordPress multisites. For multisite networks, the protection will apply to the network as a whole, and the dashboard and options will be available on the main site of the WordPress multisite.
There is no 100% guarantee that a security plugin will be able to protect against all attacks, as there is always the possibility of unknown WordPress vulnerabilities or other unexpected factors, and attackers are always seeking to develop new ways around protections. However, All-In-One Security gives good protection against known attack methods, and is under continuous development to monitor and improve protections.
AIOS should be compatible with most hosts, unless the host has specifically restricted the use of security plugins. Similarly, certain features may not work on some servers, especially Windows/IIS platforms. Features that use the ‘.htaccess’ file will not apply on a Windows IIS server or NGINX server (but development is ongoing to port those protections to all servers).
Development and test sites require their own licence if updates to the plugin are needed.However, these sites can be disconnected from the licence when they have served their purpose. You can disconnect the licence via the site’s WP Admin->Plugins page, and it will be available to be reassigned to a different site.
This plugin is designed for WordPress administrators seeking a complete security solution, offering features like login protection, firewall settings, and database backup for an overall safer website.
We offer you all the benefits of the AIOS Premium Package, which contains:
Login Security Feature Suite Firewall and File Protection Feature Suite Content Protection Feature Suite Malware Scanning Automatic Malware Scanning Response time monitoring Up-time monitoring Prevents blacklisting by search engines Flexible assignment Malware reports Flexible Two-Factor Authentication Authenticator apps Role specific configuration Require TFA after a set time period Trusted devices - control how often TFA is required Anti-bot protection Customise TFA design layout TFA Emergency Codes TFA Multisite Compatibility TFA Support for login forms Smart 404 Blocking Automatically and permanently blocks bots producing 404s 404 error charts Country Blocking Block traffic based on country of origin Whitelist some users from blocked countries Premium Support Unlimited Support Guaranteed response time
The latest tech news, the WordPress world, tutorials, and helpful tips. Sent once a day. You can opt out at any time - we respect your privacy.
Newsletters to keep you close
Disclaimer Third party logos and marks are registered trademarks of their respective owners. All rights reserved
Subscribe to our weekly mailing list to stay updated on the latest in economics and the digital world, and get free links to download two comprehensive educational packs with video lessons on email marketing and SEO.