To install the free version of the AIOS plugin:

1. Log in to your WordPress site as the administrator.

2. In the left-hand menu of your WordPress dashboard, navigate to Plugins and click on Add New Plugin.


3. You’ll see a search bar on the top right, type ‘AIOS’.

4. Once you find the AIOS plugin, click Install Now.


5. After the installation is complete, click the Activate button to make the plugin active on your site.


The AIOS plugin has been successfully installed and activated on your site.

The premium version of AIOS provides additional and more advanced security features. However, it's important to note that it relies on the free version as its foundation. So make sure you have the free AIOS plugin installed and activated before proceeding. 

Here's how to install AIOS Premium:

1. Head over to the AIOS webshop and purchase your preferred subscription.

2. You'll receive an email with a download link for the plugin. Alternatively, you can access the link by going to ‘My Account’ > ‘Licences / download’ on the AIOS site.

3. Log in to your WordPress admin dashboard.

4. Navigate to Plugins and then click on Add New Plugin.

5. Click on the Upload Plugin button at the top of the page.


6. Click on Choose file and select the downloaded AIOS Premium plugin zip file.


7. Click on Install Now to upload and install the plugin.


8. Activate the plugin by clicking on the Activate Plugin button.


You will also be prompted to enter your AIOS email and password to connect your site to licences. This will allow the plugin to receive automatic updates.

Yes, the free AIOS plugin should be installed before installing and activating AIOS Premium.

AIOS Premium includes the premium plugin to be installed on your site, plus licences for our Site Scanner service. You will also gain access to our premium customer support.

Yes, AIOS Premium is compatible with WordPress multisites. For multisite networks, the protection will apply to the network as a whole, and the dashboard and options will be available to Network Administrators.

There is no 100% guarantee that a security plugin will be able to protect against all attacks, as there is always the possibility of unknown WordPress vulnerabilities or other unexpected factors.

However, All-In-One Security gives incredibly comprehensive protection against known attack methods.

The plugin should be compatible with most hosts, unless the host has specifically restricted the use of security plugins. Similarly, certain features may not work on some servers, especially Windows/IIS platforms. Any feature that affects the ‘.htaccess’ file will not apply on a Windows IIS server.

Development and test sites require their own licence if updates to the plugin are needed.

However, these sites can be disconnected from the licence when they have served their purpose. You can disconnect the licence via the site’s WP Admin->Plugins page, and it will be available to be reassigned to a different site.

These shortcodes can be added to a dedicated page where your users can manage their TFA settings, including turning them on or off, viewing their QR code for scanning, and accessing emergency backup codes.

These features allow your users to take control of their account security without needing to navigate through complex settings. Plus, you can display the current authentication code directly on your site, making the login process easier.

The shortcodes are usually used in the site's backend. They are not intended to be publicly visible on your main website pages. Use them in the accounts section of your site when someone is already logged in.

The following shortcodes are available:

For free and premium AIOS users:

twofactor_user_settings : This shortcode will display the whole user configuration. Use this to allow your users to get/set their TFA settings. Alternatively, to design the page yourself, you can use the individual short-codes, following:

For premium AIOS users:

twofactor_user_settings_enabled : Display the option to turn TFA on or off.

twofactor_user_qrcode : Display the user’s QR code for scanning.

twofactor_user_emergencycodes : Display the user’s emergency codes.

twofactor_user_advancedsettings : Display the user’s advanced settings (e.g. selecting TOTP or HOTP).

twofactor_user_privatekeys : Display the user’s private keys. Use the ‘type’ parameter, with values ‘full’ (default), ‘plain’, ‘base32’ or ‘base64’ to control exactly what is displayed.

twofactor_user_privatekeys_reset : Display a link for the user to reset (change) their private key.

twofactor_user_currentcode : Display the current TFA code.

twofactor_user_presstorefresh : Wrap this shortcode around any HTML that you want to cause the current TFA code (displayed by the twofactor_user_currentcode shortcode) to refresh when clicked.

twofactor_conditional : Wrap this shortcode around any content that you wish to be displayed only if the condition is met. The condition is specified by the “onlyif” parameter, with valid values: activate, inactive, available, unavailable. The content will be shown depending on whether the user has TFA available (i.e. the administrator has allowed it for their user level)/activated. You can use this, for example, to display notices to your users to suggest that they activate TFA, or to remind them that it is available, etc.

Here’s how you can use these shortcodes:

  1. Make sure you have AIOS installed on your WordPress site.
  2. Create a page for your TFA Settings. Go to "Pages" > "Add New" in your WordPress dashboard to create a new page dedicated to TFA settings. Give your page a title (e.g., "TFA settings") and save it.
  3. Add the shortcodes to this page. In the content editor of the page you just created, insert the desired TFA shortcodes based on your preferences.
  4. Once you've added the desired shortcodes to your page, click "Publish" or "Update" to make the changes live on your website.
  5. Share the link to this newly created page with your users or navigate to it yourself to access the TFA settings. Users can then manage their TFA preferences directly from this page.


Yes, your AIOS Premium subscription will automatically renew unless it has been cancelled.

If any issues are encountered taking automatic payment, you will receive a reminder email from our subscription system.

We do not currently offer a discount for renewals.

There are no additional fees, and we only charge VAT within the UK. We can also provide an invoice if required by the customer’s local tax authority.

You can cancel your subscription through your My Accounts page on our website.

Cancelling the subscription will cancel automatic renewal. You will still have access to your licences for the rest of the current billing period.

If you wish to inquire about a refund for any reason, please contact our support team.

Software: We can consider refunds, at our discretion (i.e. no automatic right), based upon the particular circumstances of your case. In practice, we usually require that you have found a technical fault, and that we are given proper opportunity to verify sufficient information about any faults which you believe you have found (and that they are in AIOS, not something else), and to fix them within a reasonable time period. These must in all circumstances be requested within 10 days of purchase, which we believe is sufficient time to ascertain that a purchase works.

Legalese: There are no automatic refunds for digitally-deliverable/non-tangible goods. This is standard practice in these industries, because such goods cannot be returned (unlike physical goods). It is your responsibility to read the product descriptions, verify that it meets your needs (i.e. it provides a workable solution for you) and is suitable for your product environment (e.g. that your web hosting company does not fail to meet an essential requirement). Please do not treat a purchase as trial-ware – we don’t want to push increased costs onto our genuine customers. EU customers have the legal right to a refund of digital goods which they have not yet downloaded, if requested within 14 days, and such requests will also be honoured.

For separately-purchased support services (i.e. not those bundled with software), for which you purchase support for a specific issue, if your support need turns out to be caused by a AIOS defect, then we will refund you 100% of your purchase price for the support purchase.

No refunds are available for unused support purchases, or for any part of the price of a bundled software+support package (for refund purposes, those are treated as 100% software packages).

These restrictions do not affect your consumer rights. For example, if AIOS' product description states that it has a feature which in fact it does not have, then you can invoke your consumer rights.

Finally, we reserve the right to, without notice or refund, terminate any ongoing services (including support agreements or update feeds) to customers who abuse our facilities or staff.

You can upgrade your package at any time. The upgrade purchase will be discounted by the value of your original purchase, so you only pay the difference. For more information, please contact us here.


You can find answers to many questions in our FAQ.

If you cannot find an answer to your issue there, visit our pre-sales and general enquiries form.

For technical or account support, please contact us via our Premium Support Form.

We will typically get back to you within 24 hours (excluding Sundays). However, you can be certain of hearing from us within 3 working days.

We do not offer phone support at this time. All our support is via email and is available through our Support Centre or forums.

Absolutely! You can contact us if you have any feature requests via our contact form.

To report any bugs in the plugin, please contact us via our General Enquiries form. The bug report will be passed on to our development team for investigation.

You can also leave a review and rate our services on our page.

There are a number of reasons why you can be redirected to your site's loopback address. We've gone into detail around some of the common reasons for being redirected to over on our blog. If these fixes don't work, you can contact support.

Interested in Premium? Find out more