Secure your WordPress for less this Black Friday. Get 30% off!

All-In-One Security (AIOS) is teeming with powerful WordPress security features.

With 1 + million active installs, and a 4.5 / 5 star rating on WordPress.org, you can trust AIOS to keep your WordPress website safe.

Try it this Black Friday and get 30% off! Just use coupon code bf2024partners at checkout.

Login security

Get two-factor authentication, login lock out rules, prevent user enumeration and more. Plus the WordPress 'Salts' feature extended!

File and database security

Get notified of any file changes that occur outside of normal operations. Block access to key files and scan folders and files to spot insecure permissions. Click once to resolve and keep your WordPress website safe!

Firewall

Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!

Audit log

View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated, activated or deactivated.

Spam prevention

Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.

TFA enhanced!

Make two-factor authentication compulsory for some user roles and not others, require TFA after a set time and control how often TFA s required. Support for third party login forms e.g. Elementor Pro, emergency codes and customise design layout.

Premium only

Malware scanning

AIOS automatically scans your WordPress website for malware weekly. We also check for downtime and response time issues, and we’ll notify you if your website is blacklisted by Google.

Premium only

Country blocking

Most attacks come from a handful of countries. Prevent most of them by blocking traffic based on country of origin to 99.5% accuracy!

Premium only

404 error blocking

Automatically block hackers based on how many 404 errors they generate. Handy charts show how many 404s have occurred and where they’re coming from.

Premium only

Premium support

Direct email support from the developers. We can do more to support you than is permitted in the WordPress forums.

Premium only

Don't just take our word for it...

Get every feature of AIOS Premium 

Use coupon code bf2024partners at checkout.

Automatic malware scanning

Detect and protect against the latest malware, trojans, and spyware.

Premium only

Advice and malware removal

Need hands-on advice and support for malware removal? Our team of genuine cyber security experts are here to help.

Premium only

Smart 404 block by URL string

Instantly block an IP address if a 404 event includes a specific URL string.

Premium only

Detect and manage ‘admin’ usernames

Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.

Force user logout

Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.

Force user logout

Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.

Customise TFA design layout

Adjust the TFA design to match your website’s existing layout and branding.

Premium only

Scan and fix file permissions

Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.

Prevent image hotlinking

Prevent other websites from displaying your images via hotlinking and protect server bandwidth.

Get PHP firewall rules

PHP firewall rules prevent malicious users from exploiting well known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and atom feeds and avoid cross-site scripting (XSS) attacks.

Block spam coming from bots

Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.

Alerts you to blacklisting by search engines

Monitors your site for blacklisting by search engines due to malicious code.

Premium only

Notification if something's a miss

Receive notifications about any issues with your site so you can address problems before they escalate.

Premium only

Smart 404 whitelisting

Prevent particular IP addresses from being permanently blocked due to 404 events.

Premium only

Identify and correct identical login and display names

Detect cases where the display name matches the username and provide guidance to improve login security.

Manually approve new registrations

Review and approve new user registrations to prevent spam and fake sign-ups.

Two-factor authentication

Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy and many more.

TFA support for login forms

Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme my Login’ without additional coding.

Premium only

Disable PHP file editing

Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.

Block fake Google bots and POST requests made by bots

Block fake google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.

Monitor spam IP addresses

Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block or block based on a configurable number of comments left.

Response time monitoring

Keep track of your website’s response time to identify and address any performance issues.

Premium only

Block IPs based on 404 errors

Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.

Premium only

Country blocking

Most malicious attacks come from a handful of countries. Block most of them through country blocking!

Premium only

Prevent user enumeration

Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.

Enhance WordPress security

Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.

Require TFA after a set time period

Mandate TFA for all admins or other roles after their accounts reach a specified age.

Premium only

TFA emergency codes

Generate one-time use emergency codes to regain access if you lose your TFA device.

Premium only

Protect sensitive files

Prevent access to files like readme.html that might reveal information about your WordPress installation.

Secure database backups

Perform a database backup via UpdraftPlus from AIOS. Change the default ‘WP_’ prefix to hide your WordPress database from hackers.

Utilise 6G firewall rules

Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).

Uptime monitoring

Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.

Premium only

Smart 404 Configuration

Set the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g. 10 404 errors within 10 minutes).

Premium only

Country to the entire site or to specific pages and posts

Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.

Premium only

Control login attempts

Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lock out durations and more.

Monitor and manage active sessions

If a user is logged in who shouldn’t be, log them out or add them to a blacklist.

Control how often TFA is required

Set TFA to be required after a certain number of days on trusted devices, instead of on every login.

Premium only

File change scanner

Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.

Get .htaccess firewall rules

Deny access to the .htaccess and wp-config.php file. Disable the server signature and limit file uploads to a configurable size. Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.

and more..

Blacklist (and whitelist) IP ranges and user agents and block unauthorised access to data by disabling REST API access for non-logged in requests.

Still on the Fence?

AIOS is packed full of features and more cost effective than the competition, even at full price! AIOS is actively installed on more than one million WordPress websites and rated 4.5/5 stars on WordPress.org.

Enter coupon code bf2024partners at checkout. Subscriptions automatically renew at full price after your first year. You can cancel any time after purchasing by visiting aiosplugin.com/my-account

Questions

You'll get the premium plugin to install on your WordPress website(s) plus licences for our site scanner service. You'll also get access to new premium features, fixes and tweaks, for as long as you're subscribed. The latest versions of AIOS are always compatible with the latest versions of WordPress. Stay subscribed to maintain compatibility with WordPress core.

AIOS Premium customers get premium support via email. If you need help, fill out a customer support form and we'll email you back. Free customers can ask for help in the WordPress support forum.

We can do more to help you via our own channels than is allowed under WordPress forum guidelines e.g. we can take a copy of your site (minus the user data) to replicate any errors you may be experiencing.

We receive positive feedback about our support all of the time. See what others are saying on our parent company's TrustPilot page.

It does. Automatic renewal ensures your instance of AIOS doesn't lapse by accident, giving you continued protection. Subscriptions renew at full price.  If you don't want to renew, you can cancel at any time from My Account.