All-In-One Security (AIOS) Release 5.2.5: UI Improvements

The new release from AIOS has improved key features of the UI, leading to a smoother experience and a more intuitive, easy to use interface for users. Important elements which have been updated include a complete overhaul of the scanner page, as well as a number of new user interface widgets. Multiple admin menus have also been merged into one, nested under a new user security menu.

We would also like to thank Naveen Muthusamy for discovering a defect which would have allowed potential hackers to access websites via hidden login pages on multisite installs. This defect has now been fixed.

For a full list of changes, please see the changelog below: 




* SECURITY: On a multisite install, if using the AIOS feature for renaming and hiding the login page, a route existed for an attacker to discover the hidden login page, thus negating the usefulness of the feature. Thanks to Naveen Muthusamy for disclosing this defect.

* FEATURE: Block POST requests that have a blank user-agent and referer

* FEATURE: Added reverse IP Lookup data to the login lockdown notification email

* FIX: Prevent a fatal error when setting up the firewall if the host has disabled the function parse_ini_file

* FIX: Prevent the firewall message store from filling up with unused entries

* FIX: Prevent legitimate Googlebot traffic being blocked on sites where the gethostbyaddr function fails or is disabled

* FIX: An issue that prevented MainWP updates from being performed correctly

* FIX: Prevent user enumeration via the REST API and oEmbed protocol

* FIX: User agent blacklist not matching all strings correctly

* FIX: Logged in user table not showing the correct information

* TWEAK: Improve comment spam detection by using hidden fields and cookies

* TWEAK: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist

* TWEAK: The menu actions in the dashboard admin menu are now processed via AJAX

* TWEAK: Converted checkboxes in the admin menu pages to switches

* TWEAK: Add network_id and site_id column to debug logs table for differentiating logs between sites on multisite

* TWEAK: Combined various user admin menus into a new ‘User Security’ admin menu

* TWEAK: Export configuration filename now reflects the local timezone.

* TWEAK: Improve the UI/UX of the file scanner making way for future improvements

* TWEAK: Redesign the feature manager badges

* TWEAK: Removed various admin menu tabs as previously announced

* TWEAK: Add features that depend on other plugins to the feature manager conditionally

* TWEAK: Added a null check to function that removes wp meta info from scripts and styles src to prevent a PHP deprecation warning

* TWEAK: Audit log date and time are now displayed in the sites timezone

* TWEAK: PHP warning undefined array key REQUEST_METHOD in rule-proxy-comment-posting.php

* TWEAK: When TranslatePress is active, logging out via WooCommerce should not show a 404 page if the “rename login page” setting is on.

Share This Post

More To Explore...