All-In-One-Security

The world’s most complete WordPress security plugin

All-In-One-Security (AIOS) is the ultimate in WordPress website security. Although WordPress has been designed with security in mind,  WordPress websites still come under attack through careless users, bad practice, poor posting configuration or poorly-coded plugins or themes.

Additional layers of security are crucial. This integrated plugin presents all of the latest recommended WordPress security practices and techniques as easy-to-use features. It checks for vulnerabilities and addresses every conceivable threat from malicious software and brute force logins to front-end text copy prevention and comment spam blocking.

FREE
PREMIUM

Set up

For detailed explanations and help on setting up AIOS. Please visit our plugin page using the button below.

Installation help

Documentation

To view the complete documentation of the current up to date version of AIOS plugin, click the button button beow.
View Docs

Free version features

Overall security point score system

Security protection breakdown

Individual feature protection level

Website critical security status

Website login security

Our All-In-One-Security plugin takes WordPress’ default login security features to a whole new level.

Brute force login prevention

Automatically block all brute force login attempts from humans and bots alike.

Login lockdown

Prevent brute force attacks by limiting login attempts. Lock out users with the same IP address for a predetermined period after multiple login attempts.

Rename login page

Configure a custom URL for the WP Admin login page.

User management

Monitor and block malicious users with ease by tracking their current IP addresses and login times.

User registration security

Add Google reCaptcha and a honeypot to registration pages to prevent spam registration by bots.

Prevent users enumeration

Prevent external users/bots from easily fetching user information.

Advanced password protection

Have auto generated passwords that will be stronger and safer.

Two-factor authentication

One-time codes verify logins from remote locations, eliminating the threat of brute force attacks.

Password strength tool

Calculate how long it would take for your password to be cracked using a brute force attack.

Firewall and file protection​

Web servers access the htaccess file before any other code on your WordPress website. Our firewall protects your htaccess file and prevents malicious hacks from reaching your site.

Time-block IP addresses

Block ranges of IP addresses for a specified period of time while you investigate suspicious users

Cross site scripting (XSS) protection

Block malicious bots without a special cookie.

Disable PHP file editing

Remove the ability for people to edit PHP files via the WP dashboard.

Automated IP address

Automatically lockout IP address ranges that attempt to login with an invalid username.

File change detection

Receive alerts if there are changes to any files on your computer.

404 Event logs

Blacklist IP based on 404 events logs.

6G blacklist

Automatically block malicious server scans and bad requests.

Blacklist user agents

Block configured user agents from accessing the site.

External user regulation

Eliminate spam and protect your content to dramatically improve your website’s interaction with search engines.

Comment spam prevention

Regulate your WordPress website’s comment session while monitoring and blocking IP addresses that persistently generate spam comments.

iFrame protection

Prevent other sites from displaying any of your content via a frame or iframe.

Front-end text copy protection

Disable the right-click, text selection, and text copy option on the frontend of your WordPress website.

Disallow unauthorized REST requests

Stop REST API access for non-logged in requests.

General visitor lockout

Allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.

Download for free today and find out why we are one of the most trusted plugins on WordPress. View the plugin page on WordPress for more information

Plugin page

Premium version features

Get All-In-One-Security premium. Add extra security on top of the free version with our premium package.

Smart 404 blocking

Automatically and permanently block IP addresses of bots and hackers by tracking and monitoring the number of 404 errors they generate.

Country blocking

Block IP addresses originating from specific countries. Access to a database which offers the latest IP and country information.

AIOS premium support

Access 24/7 support and customer care. Reach us with just a few clicks and get an instant response on your enquiry.

Two-factor authentication

Take control of user access with flexible two factor authentication features and secure your account.

Role specific configuration

TFA can be made available or compulsory for specific user roles.

Trusted devices

Site owners can allow ‘Trusted devices’ on which TFA authentication can be cached for a chosen number of days.

Multisite compatible

Compatible with WP Multisite networks and sub-sites.

Time-based activation

Force TFA to be activated on accounts over a certain age, and allow new accounts a grace period to set up TFA.

Anti-bot protection

Optional anti-bot protection on WooCommerce login forms, to hide the existence of the form unless JavaScript is active.

Emergency codes

Generate one-time use emergency codes which can allow access if your device is lost.

Site scanners malware protection

Automatically scan your website for malicious software and monitor your website downtime to diagnose problems.

Automatic monitoring of malware injection

Our scanner will regularly scan your site for malware, trojans, spyware, etc, and notify you immediately if anything is amiss.

Automatic site uptime monitoring

Our scanner will monitor the uptime of your site, and notify you whenever your site/server goes down.

Reports

Reports are available both via your My Account page and directly via email.

Monitor your site’s response time

Our scanner will monitor your site’s response time regularly, to help you identify if the response time is being negatively affected.

Flexible assignment

Sites can be registered and removed from the scanning service at any time.

Support

Our support team is able to provide advice if any issues are detected on your site.

Premium packages

First-Class Security Without Breaking the Bank. Premium includes all features from the free version and everything listed in premium features.

Annually

1 website –

$60.00

3 websites –

$120.00

  • Everything in free
  • 404 blocking
  • Country blocking
  • Two-factor authentication
  • Site scanner
  • Premium support

Cancel any time – no questions asked.

Get premium now

1 million+ people can’t be wrong

What our clients have to say

"Works extremely well for me, I'm using it on all my sites. Has everything I would ever need. Thanks!"
Kieran
“I love using All in one Security & Firewall. I felt secure! I highly recommend them to all my clients and friends. "
ivanonestop
"Thanks for creating this security plugin-and for free! I’ve been able to setup one site, export the settings installer and set it up again on 20 other sites. What a breeze…"
voltima
Previous
Next

We are the only security plugin on WordPress with a five star rating. With over a million downloads from 120+ countries, you can rest assured that your business’ security is in safe hands.

See more reviews

FAQ's

Most frequently asked questions for All-In-One-Security plugin

Restore the htacess file of your WordPress site. This will remove any firewalls and allow you to start from the beginning.

 First, restore the .htaccess file then access your WP Login form using the following URL: http://your-domain.com/wp-login.php

WordPress multi-site uses one single file system for all your sub-sites. So some of the security features only need to be enabled on your MAIN site. The sub-sites won’t show you the menus for these features. You can configure those settings from the main site of your WPMS install.

The plugin should work on any properly configured servers. However, it is a good idea to get a good WordPress hosting (if you don’t have one).

Plugin support Page

Clients of UpdraftPlus

trusted-by-2019
trusted-by-20189
trusted-by-20619
trusted-by-201889
trusted-by-2019
trusted-by-201889

From the builders of UpdraftPlus and WP-Optimize. Trusted by 5+ million WordPress sites including the NBA, Microsoft, NASA, Procter & Gamble, and Cisco to name a few.

our plugins across wordpress

Updraft

About Us

Do you want total protection for your website?

Start using All-In-One-Security now!