All In One WP Security And Firewall Plugin helps you set up this great and powerful plugin, which covers and protects many WordPress areas.
Last Updated: October 9, 2019
Latest News: I added another to do list option.
All In One WP Security And Firewall Plugin
WordPress is still one of the most popular CMS platforms in 2017. This also means that more hackers are going to try to break into your site. Luckily for you, All In One WP Security and Firewall (“AIOWPS”) is here to protect your site. It has been designed and developed to protect your site from hackers and more.
All In One WP Security And Firewall Plugin is designed to help those who have no knowledge of security and no idea how to protect their site using a security plugin. For that reason the developers have added instructions and/or information next to each option in the plugin settings. This allows you to read and understand more about each feature before you decide to enable it.
All In One WP Security & Firewall version 4.4.2 Changelog.
- Fixed vulnerability related to open redirect and exposure of hidden login page for specific case. (Thanks to Erwan (wpscanteam) for letting us know)
Fixes / To Do List / Not Supported
Working On The Following Fixes:
- Can the interface receive a face lift though? And maybe improve the admin view via mobile devices? The developers will look into this issue/request. You can read more about it in the following support thread.
- Unable to access settings in a multisite. You can read more about it in the following support thread.
- Can we add IPv6-addresses in the Blacklist Manager? – Yes, at this stage you can blacklist individual IPv6 addresses, but not IPv6 ranges where you use the wildcard “*”. You can find out more about this in the following support thread.
To Do List
- Is there an option to get notification upon user login? – The developers will add this feature in a future release. You can read more about it in the following support thread.
- Hide WordPress Info. – This will be added in a future release. You can read more about it in the following support thread.
- Is there an option to get notification upon user registration? – The developers are considering adding this feature in a future release. You can read more about it in the following support thread.
- Do you have plans to add Google reCAPTCHA V3? – Yes, this will be added soon. You can read more about it in the following support thread.
- Permanent Block List tab – in the next update the developers will add the ability to add IP addresses to this list for other sections too such as failed logins and 404 list, etc. You can read more about it from the following support thread.
- Is there a way that I can change the redirection for the Force Logout feature? – Currently it is not possible to modify the redirect. However the developers have added this in the to do list. You can read more about it in the following support thread.
- Is it possible to exclude specific sites from the copy protection setting under Miscellaneous? – You can read more about it in the following support thread. (Low priority request)
- Is it possible to configure and enforce password policies (E.g. Min 8 Chars, Mixed caps etc) using this plugin? – This might be added in a future release. You can read more about it in the following support thread.
- I was wondering if you will also be implementing a two factor login option soon? – This is something the developers might add in a future release. You can read more about it in the following support thread.
- I was wondering if an option can be added to limit the number of logins per user? – A feature might be added to the login functionality in general. This is in the “maybe” pile for now.
- I would like to receive a notification if AIOWPS is deactivated. – The developers are considering adding this feature in a future release. You can read more about it in the following support thread.
- Can you add a search field? We have 34 pages of potential registrations, and currently you have to go page by page (or guess a page # and jump to it). Finding the ones we want to approve can be time consuming. – The developers are considering adding this feature in a future release. You can read more about it in the following support thread.
GDPR (DSGVO) compliance
Currently the plugin developer has replied in the forum to help you with GDPR (DSGVO) compliance questions. Please check the following support threads to learn more. This could change in a future release.
- Data Processing Agreement needed – Developer support thread reply.
- GDPR (DSGVO) compliance – Developer support thread reply.
- Still unclear if GDPR compliant – Developer support thread reply.
What you need:
- All In One WP Security And Firewall
- Country Blocking Add-on = Premium add-on. (Optional)
- www.site-scanners.com = This is a premium service which is part of the plugin. (Optional but highly recommended. It is important to keep monitoring your site.)
- In some cases you might need premium support – Click on one of the following links: Tips And Tricks Premium Support For AIOWPS or WP Solutions HQ. (Recommended when running into issues.)
- Smart 404 blocking Add-on = Premium add-on. (Optional)
- Security Settings Plugin = This plugin/addon helps you reset AIOWPS if you ever get locked out of your site.
WP Security Admin Menu
When you log into your WordPress admin panel, click on WP Security in the left-hand sidebar. You will see an admin menu as illustrated in the image below.
The following list of tutorials provides information about each admin tab. It also shows you how to set up each feature in admin. Some tabs have a total number of points you can gain if you enable all the features that have a point value assigned to them. These points are added to the Dashboard Security Strength Meter after you have enabled your settings and saved them. The maximum total count in the meter is 505 points. However, you will not reach this maximum because in some settings you can’t enable all features.
All In One WP Security And Firewall Tutorials:
- Settings = 5 points
- User Accounts = 20 points
- User login = 25 points
- User Registration = 50 points
- Database Security = 30 points
- Filesystem Security = 40 points
- Blacklist Manager = 15 points
- Firewall Rules = 135 points
- Brute Force = 125 points
- Spam Prevention = 30 points + 10 more when BuddyPress and bbPress are installed and activated.
- Scanner = 20 points
- Delete Spam
- Pingback Protection Settings
- Custom Rules
- Allow Unlock Request
- Remove All In One WP Security Database Tables
- Captcha Settings
- How To Reset AIOWPS Plugin
- AIOWPS And WooCommerce Captcha Settings
Q1 Does the plugin protect against SQL Injections?
Answer: Yes, the plugin protects against SQL injections and more. Simply enable the following feature: 6G Enable 6G Firewall Protection. To learn more about this feature click on the following URL: All In One WP Security And Firewall Rules.
Note: As far as secure coding practices, this plugin is coded such that any user input it sends to the DB is securely sanitised and escaped against SQL injection attacks.
Having said that, you should be careful regarding which plugins you install on your site and make sure that you get them from reputable sources because not all plugins will have safe coding practices. (Note provided by wpsolutions in the forum)
Q2 Is there a limit to the number of IP addresses you can add to the Blacklist Manager in this plugin?
Q3 Does the plugin prevent DDoS attacks?
Q4 Is the plugin compatible with Cloudflare?
Answer: Yes, it should be compatible.
If you are using Cloudflare, make sure you set the IP Retrieval configuration to “HTTP_CF_CONNECTING_IP”. This setting can be found in: WP Security -> Settings -> Advanced Settings.
Q5 How do I write a Custom Rule to override an issue when I enable a plugin feature that writes to the .htaccess file?
Answer: Click on the following URL to learn how to create custom rules: All In One WP Security And Firewall Custom Rules.
I hope the above information helps you to protect your website.
If you have any questions or need some help, you can leave a message or get in contact with me via my contact form above.