All-In-One Security (AIOS) features

Explore all of the features of AIOS, the WordPress security plugin from TeamUpdraft.

Login security

  • Detect and manage ‘admin’ usernames

    Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.

  • Identify and correct identical login and display names

    Detect cases where the display name matches the username and provide guidance to improve login security.

  • Prevent user enumeration

    Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.

  • Control login attempts

    Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lock out durations and more.

  • Force user logout

    Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.

  • Manually approve new registrations

    Review and approve new user registrations to prevent spam and fake sign-ups.

  • Enhance WordPress salt security

    Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.

  • Monitor and manage active sessions

    If a user is logged in who shouldn’t be, log them out or add them to a blacklist.

  • Two-factor authentication (TFA)

    Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy and many more.

Advanced Two-factor authentication (TFA)

  • Require TFA after a set time period (Premium feature)

    Mandate TFA for all admins or other roles after their accounts reach a specified age.

  • Control how often TFA is required (Premium feature)

    Set TFA to be required after a certain number of days on trusted devices, instead of on every login.

  • Customise design layout (Premium feature)

    Adjust the TFA design to match your website’s existing layout and branding.

  • Emergency Codes (Premium feature)

    Generate one-time use emergency codes to regain access if you lose your TFA device.

  • WordPress Multisite Compatible (Premium feature)

    Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.

  • Support for login forms (Premium feature)

    Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme my Login’ without additional coding.

File / database security

  • Scan and fix file permissions

    Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.

  • Disable PHP file editing

    Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.

  • Protect sensitive files

    Prevent access to files like readme.html that might reveal information about your WordPress installation.

  • File change scanner

    Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.

  • Prevent image hotlinking

    Prevent other websites from displaying your images via hotlinking and protect server bandwidth.

  • Secure database backups

    Perform a database backup via UpdraftPlus from AIOS. Change the default ‘WP_’ prefix to hide your WordPress database from hackers.

Firewall

  • Get .htaccess firewall rules

    Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size. Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.

  • Get PHP firewall rules

    PHP firewall rules prevent malicious users from exploiting well known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and atom feeds and avoid cross-site scripting (XSS) attacks.

  • Block fake Google bots and POST requests made by bots

    Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.

  • Utilise 6G firewall rules

    Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).

  • And more

    Blacklist (and whitelist) IP ranges and user agents and block unauthorised access to data by disabling REST API access for non-logged in requests.

Spam prevention

  • Block spam coming from bots

    Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.

  • Monitor spam IP addresses

    Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block or block based on a configurable number of comments left.

Malware scanning

  • Automatic malware scanning (Premium feature)

    Detect and protect against the latest malware, trojans, and spyware.

  • Alerts you to blacklisting by search engines (Premium feature)

    Monitors your site for blacklisting by search engines due to malicious code.

  • Response time monitoring (Premium feature)

    Keep track of your website’s response time to identify and address any performance issues.

  • Advice and malware removal (Premium feature)

    Need hands-on advice and support for malware removal? Our team of genuine cyber security experts is here to help.

  • Up-time monitoring (Premium feature)

    Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.

  • Notification if something’s amiss (Premium feature)

    Receive notifications about any issues with your site so you can address problems before they escalate.

Smart 404 blocking

  • Block IPs based on 404 errors (Premium feature)

    Detect hackers probing your URLs via scripts and bots by the 404 errors they leave behind.

  • Smart 404 Configuration (Premium feature)

    Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g. 10 404 errors within 10 minutes).

  • Smart 404 block by URL string (Premium feature)

    Instantly block an IP address if a 404 event includes a specific URL string.

  • Smart 404 whitelisting (Premium feature)

    Prevent particular IP addresses from being permanently blocked due to 404 events.

Country blocking

Most malicious attacks come from a handful of countries. Block most of them through country blocking!

  • Block traffic to the entire site or to specific pages or posts (Premium feature)

    Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.

  • Whitelist some users from blocked countries

    Whitelist IP addresses or IP ranges even if they are part of a blocked country.

Testimonials

  • This is by far the most extensive tool out there for website protection. A powerful tool that really does the job.

Get all AIOS features with Premium

Get Smart 404 error blocking, malware scanning, premium two-factor authentication features and premium support when you need it most.
