UpdraftPlus
Back up, restore and migrate your WordPress website with UpdraftPlus
Whether you’re running a blog, WooCommerce store, or business site, you need protection that goes beyond basic IP blocking. All-In-One Security’s firewall gives you advanced protection tools to harden your site – without needing to write a single line of code.
From fake Googlebots and spammy POST requests to XML-RPC exploits and XSS attacks, our firewall rules are built to recognise and block the most common tactics used by hackers and bots.
Lock down critical files like wp-config.php and .htaccess, block access to debug.log, and disable PHP file editing. AIOS also helps block malicious PHP requests before they can compromise your site.
Take full control of how your firewall works. Whitelist by plugin or user role, disable REST API access for unauthenticated users, and manage IP allowlists with custom comments so you always know who has access and why.
All-In-One Security’s firewall feature works at the application level to block suspicious behaviour and restrict unauthorised access to your site’s most sensitive areas.
Activate core firewall rules:
Enable base .htaccess and PHP rules to instantly harden your WordPress install.
Block fake Googlebots and bots abusing POST requests:
Automatically deny access to IPs with blank user-agent or referrer fields, and keep imposters at bay.
Add 6G firewall rules:
Reduce the number of malicious URL requests using advanced blacklist rules from Perishable Press.
Secure REST API endpoints:
Block access to REST API for non-logged-in users or allow specific plugins and user roles only.
Customise IP whitelisting:
Add IPs to your whitelist for easy reference and better management.
Supports third party login forms without additional coding. Customise the design layout, generate emergency codes, make TFA compulsory for some user roles and more.
AIOS automatically scans your WordPress website for malware weekly. We also check for downtime and response time issues, and we’ll notify you if your website is blacklisted by Google.
Most attacks come from a handful of countries. Prevent most of them by blocking traffic based on country of origin to 99.5% accuracy!
Automatically block hackers based on the 404 errors they leave behind. Handy charts show how many 404s have occurred and where they’re coming from.
If your site showcases what you do or who you are, it deserves the premium treatment:
Give your site the protection it deserves:
TeamUpdraft plugins come with a money-back guarantee. If something goes wrong and we can’t fix it, we’ll offer you a refund if it’s requested within 10 days of purchase.
AIOS offers powerful application-level firewall rules for layered WordPress security. From .htaccess lockdown to bot filtering, it’s a comprehensive firewall solution designed to block common threats.
Yes. You can whitelist IPs manually and include custom notes for reference. You can also control access to the REST API based on user roles and plugins.
No. AIOS’s firewall rules are designed for performance and won’t slow down your site. They efficiently block malicious traffic without affecting page load speed.
Yes. PHP-level firewall rules include protection against common XML-RPC exploits, including brute force and pingback spam attacks.
The 6G ruleset blocks known bad patterns, including malicious URLs, request strings, and header exploits, helping to reduce your exposure to automated threats.
You can choose to block REST API access for non-logged-in users by default and then whitelist access based on plugin or user role as needed.
Ask us anything. We’ll do our best to reply within 24 hours. If you haven’t heard from us, please check for replies in your email spam folder.
Try TeamUpdraft’s full suite of WordPress plugins.
Back up, restore and migrate your WordPress website with UpdraftPlus
Speed up and optimize your WordPress website. Cache your site, clean the database and compress images
Secure your WordPress website. Comprehensive, feature rich and easy to use
Centrally manage all your WordPress websites’ plugins, updates, backups, users, pages and posts from one location