All-In-One Security Free Release v5.3.1: CAPTCHA for Password-Protected Pages/Posts

In this release, we’ve introduced a new feature that enhances security for your WordPress site: CAPTCHA for pages and posts. 

With our new CAPTCHA integration, you can add an additional layer of security to pages and posts that are already password-protected. While CAPTCHA was already available for login and registration pages, this new release allows you to add CAPTCHA to pages and posts as well. Users will need to solve a CAPTCHA challenge before gaining access, ensuring that only genuine human visitors can view the content.

In addition to the CAPTCHA feature, we’ve made several other enhancements and fixes. We’ve resolved an issue where the CAPTCHA wasn’t displaying correctly on the BuddyPress registration page. 

Previously, if you’d renamed the login page and enabled the login whitelist features in WooCommerce, you may have encountered a logout issue. Rest assured, we’ve fixed it.

For the full list of changes, please review the changelog below.



* FEATURE: Added CAPTCHA to password protected pages/posts

* FIX: Captcha not showing on the BuddyPress registration page

* FIX: WooCommerce logout issue when the renamed login page and login whitelist features are both enabled

* FIX: Missing CAPTCHAs when multiple WooCommerce login and register forms are on the same page

* FIX: Fixed an issue with the 404 detection actions

* FIX: A UI issue with the 2FA QR code image

* TWEAK: Added the attribute data-cfasync=”false” to the default captcha url to allow loading on Cloudflare Rocket Loader

* TWEAK: Purge login lockdown table records after 90 days to restrict size. The AIOS_PURGE_LOGIN_LOCKOUT_RECORDS_AFTER_DAYS constant has been added to change the default.

* TWEAK: Updated the malware scanner frequency text from daily to weekly

* TWEAK: Updated the password strength meter UI for the password tool

* TWEAK: Add a ‘Lock IP’ and ‘Blacklist IP’ link to the IP column of the audit log.

* TWEAK: Enhance fake Googlebot detection. In the case where gethostbyaddr fails, the firewall will fallback to checking against known Googlebot IP ranges

* TWEAK: Updated the column header for the  “Permanent Blocked IP Addresses” table to be consistent with other tables

* TWEAK: Prevent warning when DISALLOW_FILE_EDIT has already been defined

* TWEAK: Fix instances of one translation function being used for multiple sentences

* TWEAK: Improved the UX during AJAX calls

* TWEAK: Removed Trash spam comments duplicated description


Get peace of mind, install AIOS premium

The hard work you’ve put into your website deserves the best protection. AIOS Premium monitors your site for trojan horses, adware, worms, spyware and other malicious code that could have devastating consequences for your WordPress investment.

AIOS Premium customers also benefit from personalised, ticketed support from a team of security experts. Advanced two-factor authentication, a country blocking tool and smart 404 error blocking give your website the protection it deserves. 

Get Premium

Share This Post

More To Explore...


WordPress security audit checklist

Ensuring your WordPress website’s security is vital for protecting sensitive data, keeping customer trust, and safeguarding your online business. A