All-In-One Security (AIOS) release 5.2.2: Whitelist IP addresses

The new release from AIOS allows for greater control over the plugin’s firewall settings.

The latest release from AIOS introduces an important feature that allows admins to whitelist IP addresses, meaning the site will not run firewall rules on their requests. By being able to whitelist particular IP addresses, administrators have greater control over who can access the website and who can perform administrative action, without worrying about being blocked by the firewall. 

Further changes included in this update include a filter for the audit log; it is now possible to choose which events are recorded, helping you to streamline the log and focus on what’s important. The user experience has also been improved, with various aspects of the interface updated.

For the full list of changes, please see the changelog below:



* FEATURE: An allow list of IP addresses which bypass the firewall rules

* FIX: Fix get_class() on null fatal error when updating via ManageWP

* FIX: No such file or directory notice generated by the firewall’s config file

* FIX: Only send the upgrade email if one or more of the ported rules had been enabled * FIX: Fake Google bots are now blocked if bot server IP address does not resolve to a hostname

* FIX: Google reCaptcha now appears correctly on the WooCommerce checkout page

* FIX: Prevent Woocommerce auto login if manual registration approval is turned on

* FIX: Premium upgrade tab UI overlapping issue.

* FIX: Allow maintenance mode to be controlled via WP-CLI (Premium)

* FIX: Use the correct site id for login success events added to audit log table on Multisite

* FIX: Added missing features to the feature manager list

* FIX: A warning when using the update all command via WP-CLI

* TWEAK: AIOS settings based IP address is now used instead of the REMOTE_ADDR server variable for multiple wrong 2FA code notification

* TWEAK: Added ‘aios_audit_log_record_event’ filter to allow events to not be recorded * TWEAK: Improve the feature item manager code structure making way for future improvements

* TWEAK: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist.

* TWEAK: Move the ‘Custom rules’ tab from the ‘Firewall’ section to its own tab in the ‘Tools’ section

* TWEAK: Move the ‘Prevent hotlinking’ tab to the ‘File protection’ tab in the ‘Filesystem Security’ menu

* TWEAK: Moved all CAPTCHA settings to the ‘CAPTCHA settings’ tab in the ‘Brute Force’ menu

* TWEAK: Moved the ‘Password tool’ tab to the ‘Tools’ admin menu

* TWEAK: Moved the ‘Visitor lockout’ tab to the ‘Tools’ admin menu

* TWEAK: Moved the ‘User registration honeypot’ tab to the ‘Brute force’ admin menu

* TWEAK: Remove ‘Account activity table’ as these entires are also recorded in the audit log

* TWEAK: Removed the ‘Failed login records’ tab as previously announced, these are now recorded in the audit log

* TWEAK: Improve list table code performance

* TWEAK: Removed use of $_GET, $_POST, $_REQUEST from all template files making way for future improvements

Share This Post

More To Explore...


WordPress security audit checklist

Ensuring your WordPress website’s security is vital for protecting sensitive data, keeping customer trust, and safeguarding your online business. A