Secure your WordPress for less this Black Friday. Get 30% off!
All-In-One Security (AIOS) is teeming with powerful WordPress security features.
With 1 + million active installs, and a 4.5 / 5 star rating on WordPress.org, you can trust AIOS to keep your WordPress website safe.
Try it this Black Friday and get 30% off! Just use coupon code bf2024partners at checkout.
Get two-factor authentication, login lock out rules, prevent user enumeration and more. Plus the WordPress 'Salts' feature extended!
Get notified of any file changes that occur outside of normal operations. Block access to key files and scan folders and files to spot insecure permissions. Click once to resolve and keep your WordPress website safe!
Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!
View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated, activated or deactivated.
Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.
Make two-factor authentication compulsory for some user roles and not others, require TFA after a set time and control how often TFA s required. Support for third party login forms e.g. Elementor Pro, emergency codes and customise design layout.
AIOS automatically scans your WordPress website for malware weekly. We also check for downtime and response time issues, and we’ll notify you if your website is blacklisted by Google.
Most attacks come from a handful of countries. Prevent most of them by blocking traffic based on country of origin to 99.5% accuracy!
Automatically block hackers based on how many 404 errors they generate. Handy charts show how many 404s have occurred and where they’re coming from.
Direct email support from the developers. We can do more to support you than is permitted in the WordPress forums.
Get every feature of AIOS Premium
Use coupon code bf2024partners at checkout.
Detect and protect against the latest malware, trojans, and spyware.
Need hands-on advice and support for malware removal? Our team of genuine cyber security experts are here to help.
Instantly block an IP address if a 404 event includes a specific URL string.
Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.
Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.
Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.
Adjust the TFA design to match your website’s existing layout and branding.
Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.
Prevent other websites from displaying your images via hotlinking and protect server bandwidth.
PHP firewall rules prevent malicious users from exploiting well known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and atom feeds and avoid cross-site scripting (XSS) attacks.
Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.
Monitors your site for blacklisting by search engines due to malicious code.
Receive notifications about any issues with your site so you can address problems before they escalate.
Prevent particular IP addresses from being permanently blocked due to 404 events.
Detect cases where the display name matches the username and provide guidance to improve login security.
Review and approve new user registrations to prevent spam and fake sign-ups.
Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy and many more.
Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme my Login’ without additional coding.
Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.
Block fake google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.
Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block or block based on a configurable number of comments left.
Keep track of your website’s response time to identify and address any performance issues.
Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.
Most malicious attacks come from a handful of countries. Block most of them through country blocking!
Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.
Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.
Mandate TFA for all admins or other roles after their accounts reach a specified age.
Generate one-time use emergency codes to regain access if you lose your TFA device.
Prevent access to files like readme.html that might reveal information about your WordPress installation.
Perform a database backup via UpdraftPlus from AIOS. Change the default ‘WP_’ prefix to hide your WordPress database from hackers.
Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).
Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.
Set the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g. 10 404 errors within 10 minutes).
Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.
Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lock out durations and more.
If a user is logged in who shouldn’t be, log them out or add them to a blacklist.
Set TFA to be required after a certain number of days on trusted devices, instead of on every login.
Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.
Deny access to the .htaccess and wp-config.php file. Disable the server signature and limit file uploads to a configurable size. Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.
Blacklist (and whitelist) IP ranges and user agents and block unauthorised access to data by disabling REST API access for non-logged in requests.
Enter coupon code bf2024partners at checkout. Subscriptions automatically renew at full price after your first year. You can cancel any time after purchasing by visiting aiosplugin.com/my-account
You'll get the premium plugin to install on your WordPress website(s) plus licences for our site scanner service. You'll also get access to new premium features, fixes and tweaks, for as long as you're subscribed. The latest versions of AIOS are always compatible with the latest versions of WordPress. Stay subscribed to maintain compatibility with WordPress core.
AIOS Premium customers get premium support via email. If you need help, fill out a customer support form and we'll email you back. Free customers can ask for help in the WordPress support forum.
We can do more to help you via our own channels than is allowed under WordPress forum guidelines e.g. we can take a copy of your site (minus the user data) to replicate any errors you may be experiencing.
We receive positive feedback about our support all of the time. See what others are saying on our parent company's TrustPilot page.
It does. Automatic renewal ensures your instance of AIOS doesn't lapse by accident, giving you continued protection. Subscriptions renew at full price. If you don't want to renew, you can cancel at any time from My Account.