All-In-One Security (AIOS) Release 5.2.5: UI Improvements

The new release from AIOS has improved key features of the UI, leading to a smoother experience and a more intuitive, easy to use interface for users. Important elements which have been updated include a complete overhaul of the scanner page, as well as a number of new user interface widgets. Multiple admin menus have also been merged into one, nested under a new user security menu.

We would also like to thank Naveen Muthusamy for discovering a defect which would have allowed potential hackers to access websites via hidden login pages on multisite installs. This defect has now been fixed.

For a full list of changes, please see the changelog below: 




* SECURITY: On a multisite install, if using the AIOS feature for renaming and hiding the login page, a route existed for an attacker to discover the hidden login page, thus negating the usefulness of the feature. Thanks to Naveen Muthusamy for disclosing this defect.

* FEATURE: Block POST requests that have a blank user-agent and referer

* FEATURE: Added reverse IP Lookup data to the login lockdown notification email

* FIX: Prevent a fatal error when setting up the firewall if the host has disabled the function parse_ini_file

* FIX: Prevent the firewall message store from filling up with unused entries

* FIX: Prevent legitimate Googlebot traffic being blocked on sites where the gethostbyaddr function fails or is disabled

* FIX: An issue that prevented MainWP updates from being performed correctly

* FIX: Prevent user enumeration via the REST API and oEmbed protocol

* FIX: User agent blacklist not matching all strings correctly

* FIX: Logged in user table not showing the correct information

* TWEAK: Improve comment spam detection by using hidden fields and cookies

* TWEAK: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist

* TWEAK: The menu actions in the dashboard admin menu are now processed via AJAX

* TWEAK: Converted checkboxes in the admin menu pages to switches

* TWEAK: Add network_id and site_id column to debug logs table for differentiating logs between sites on multisite

* TWEAK: Combined various user admin menus into a new ‘User Security’ admin menu

* TWEAK: Export configuration filename now reflects the local timezone.

* TWEAK: Improve the UI/UX of the file scanner making way for future improvements

* TWEAK: Redesign the feature manager badges

* TWEAK: Removed various admin menu tabs as previously announced

* TWEAK: Add features that depend on other plugins to the feature manager conditionally

* TWEAK: Added a null check to function that removes wp meta info from scripts and styles src to prevent a PHP deprecation warning

* TWEAK: Audit log date and time are now displayed in the sites timezone

* TWEAK: PHP warning undefined array key REQUEST_METHOD in rule-proxy-comment-posting.php

* TWEAK: When TranslatePress is active, logging out via WooCommerce should not show a 404 page if the “rename login page” setting is on.

Share This Post

More To Explore...


WordPress security audit checklist

Ensuring your WordPress website’s security is vital for protecting sensitive data, keeping customer trust, and safeguarding your online business. A