Secure your WordPress for less this Black Friday. Get 20% off!
All-In-One Security (AIOS) Premium is teeming with even more powerful WordPress security features. Try it this Black Friday and get 20% off! Just use coupon code blackfridaysale2024 at checkout.
TFA enhanced!
Make two-factor authentication compulsory for some user roles and not others, require TFA after a set time and control how often TFA s required. Support for third party login forms e.g. Elementor Pro, emergency codes and customise design layout.
Malware scanning
AIOS Premium includes a licence for our site scanning service. Automatically scan your WordPress website for malware weekly! It also checks for downtime and response time issues. We’ll even notify you if your website is blacklisted by Google.
Country blocking
Most attacks come from a handful of countries. Prevent most of them by blocking traffic based on country of origin to 99.5% accuracy!
404 error blocking
Automatically block hackers based on how many 404 errors they generate. Handy charts show how many 404s have occurred and where they’re coming from.
Premium support
Direct email support from the developers. We can do more to support you than is permitted in the WordPress forums.
Don't just take our word for it...
Get every feature of AIOS Premium
Use coupon code blackfridaysale2024 at checkout.
Automatic malware scanning
Detect and protect against the latest malware, trojans, and spyware.
Advice and malware removal
Need hands-on advice and support for malware removal? Our team of genuine cyber security experts are here to help.
Smart 404 block by URL string
Instantly block an IP address if a 404 event includes a specific URL string.
Detect and manage ‘admin’ usernames
Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.
Force user logout
Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.
Force user logout
Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.
Customise TFA design layout
Adjust the TFA design to match your website’s existing layout and branding.
Scan and fix file permissions
Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.
Prevent image hotlinking
Prevent other websites from displaying your images via hotlinking and protect server bandwidth.
Get PHP firewall rules
PHP firewall rules prevent malicious users from exploiting well known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and atom feeds and avoid cross-site scripting (XSS) attacks.
Block spam coming from bots
Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.
Alerts you to blacklisting by search engines
Monitors your site for blacklisting by search engines due to malicious code.
Notification if something's a miss
Receive notifications about any issues with your site so you can address problems before they escalate.
Smart 404 whitelisting
Prevent particular IP addresses from being permanently blocked due to 404 events.
Identify and correct identical login and display names
Detect cases where the display name matches the username and provide guidance to improve login security.
Manually approve new registrations
Review and approve new user registrations to prevent spam and fake sign-ups.
Two-factor authentication
Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy and many more.
TFA support for login forms
Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme my Login’ without additional coding.
Disable PHP file editing
Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.
Block fake Google bots and POST requests made by bots
Block fake google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.
Monitor spam IP addresses
Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block or block based on a configurable number of comments left.
Response time monitoring
Keep track of your website’s response time to identify and address any performance issues.
Block IPs based on 404 errors
Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.
Country blocking
Most malicious attacks come from a handful of countries. Block most of them through country blocking!
Prevent user enumeration
Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.
Enhance WordPress security
Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.
Require TFA after a set time period
Mandate TFA for all admins or other roles after their accounts reach a specified age.
TFA emergency codes
Generate one-time use emergency codes to regain access if you lose your TFA device.
Protect sensitive files
Prevent access to files like readme.html that might reveal information about your WordPress installation.
Secure database backups
Perform a database backup via UpdraftPlus from AIOS. Change the default ‘WP_’ prefix to hide your WordPress database from hackers.
Utilise 6G firewall rules
Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).
Uptime monitoring
Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.
Smart 404 Configuration
Set the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g. 10 404 errors within 10 minutes).
Country to the entire site or to specific pages and posts
Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.
Control login attempts
Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lock out durations and more.
Monitor and manage active sessions
If a user is logged in who shouldn’t be, log them out or add them to a blacklist.
Control how often TFA is required
Set TFA to be required after a certain number of days on trusted devices, instead of on every login.
File change scanner
Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.
Get .htaccess firewall rules
Deny access to the .htaccess and wp-config.php file. Disable the server signature and limit file uploads to a configurable size. Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.
and more..
Blacklist (and whitelist) IP ranges and user agents and block unauthorised access to data by disabling REST API access for non-logged in requests.
Still on the Fence?
AIOS is packed full of features and more cost effective than the competition, even at full price! AIOS is actively installed on more than one million WordPress websites and rated 4.5/5 stars on WordPress.org.
Enter coupon code blackfridaysale2024 at checkout. Subscriptions automatically renew at full price after your first year. You can cancel any time after purchasing by visiting aiosplugin.com/my-account
Questions
You'll get the premium plugin to install on your WordPress website(s) plus licences for our site scanner service. You'll also get access to new premium features, fixes and tweaks, for as long as you're subscribed. The latest versions of AIOS are always compatible with the latest versions of WordPress. Stay subscribed to maintain compatibility with WordPress core.
AIOS Premium customers get premium support via email. If you need help, fill out a customer support form and we'll email you back. Free customers can ask for help in the WordPress support forum.
We can do more to help you via our own channels than is allowed under WordPress forum guidelines e.g. we can take a copy of your site (minus the user data) to replicate any errors you may be experiencing.
We receive positive feedback about our support all of the time. See what others are saying on our parent company's TrustPilot page.
It does. Automatic renewal ensures your instance of AIOS doesn't lapse by accident, giving you continued protection. Subscriptions renew at full price. If you don't want to renew, you can cancel at any time from My Account.