All-In-One Security (AIOS) 5.2.5 Release
AIOS 5.2.5: Enhanced UI and critical fixes
Section titled AIOS 5.2.5: Enhanced UI and critical fixesUI enhancements: The latest release of AIOS introduces significant improvements to the user interface, resulting in a smoother and more intuitive experience. Key updates include:
Redesigned scanner page: A complete overhaul of the scanner page for enhanced functionality and ease of use.
New UI widgets: Several new widgets have been added to streamline user interactions.
Consolidated Admin menus: Multiple admin menus have been merged into a single, organized user security menu for easier navigation.
Acknowledgements and Fixes
We would like to extend our gratitude to Naveen Muthusamy for identifying a critical defect. This issue could have allowed potential hackers to access websites through hidden login pages on multisite installations. The defect has been resolved in this release.
For a detailed list of all changes and improvements, please refer to the full changelog below.
Changelog
Section titled Changelog- SECURITY: On a multisite install, if using the AIOS feature for renaming and hiding the login page, a route existed for an attacker to discover the hidden login page, thus negating the usefulness of the feature. Thanks to Naveen Muthusamy for disclosing this defect.
- Feature: Block POST requests that have a blank user-agent and referer
- FEATURE: Added reverse IP Lookup data to the login lockdown notification email
- Fix: Prevent a fatal error when setting up the firewall if the host has disabled the function
parse_ini_file
- Fix: Prevent the firewall message store from filling up with unused entries
- Fix: Prevent legitimate Googlebot traffic being blocked on sites where the gethostbyaddr function fails or is disabled
- Fix: An issue that prevented MainWP updates from being performed correctly
- Fix: Prevent user enumeration via the REST API and oEmbed protocol
- Fix: User agent blacklist not matching all strings correctly
- Fix: Logged in user table not showing the correct information
- Tweak: Improve comment spam detection by using hidden fields and cookies
- Tweak: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist
- Tweak: The menu actions in the dashboard admin menu are now processed via AJAX
- Tweak: Converted checkboxes in the admin menu pages to switches
- Tweak: Add
network_id
andsite_id
column to debug logs table for differentiating logs between sites on multisite - Tweak: Combined various user admin menus into a new ‘User Security’ admin menu
- Tweak: Export configuration filename now reflects the local time zone.
- Tweak: Improve the UI/UX of the file scanner making way for future improvements
- Tweak: Redesign the feature manager badges
- Tweak: Removed various admin menu tabs as previously announced
- Tweak: Add features that depend on other plugins to the feature manager conditionally
- Tweak: Added a null check to function that removes wp meta info from scripts and styles src to prevent a PHP deprecation warning
- Tweak: Audit log date and time are now displayed in the sites time zone
- Tweak: PHP warning undefined array key
REQUEST_METHOD
inrule-proxy-comment-posting.php
- Tweak: When TranslatePress is active, logging out via WooCommerce should not show a 404 page if the ‘Rename login page’ setting is on
About the author

TeamUpdraft
Our team consists of WordPress developers, marketers, and industry experts committed to providing you with the resources and skills you need to succeed online. Whether you’re just starting out or seeking advanced strategies, we’re here to enhance your WordPress journey and support you at every stage.
Categories
AIOS
Comprehensive, feature-rich, security for WordPress. Malware scanning, firewall, an audit log and much more. Powerful, trusted and easy to use.
From just $70 for the year.
More stories
-
Three things to do this World Backup Day
This World Backup Day, take the time to ensure your website is protected. From automating backups to connecting to remote storage, these three steps will keep your data safe. Plus, enjoy a 10% discount on UpdraftPlus Premium for a limited time!
-
Same team, different name. Welcome to TeamUpdraft (for affiliates)
Attention affiliates! TeamUpdraft is here, combining UpdraftPlus, WP-Optimize, and AIOS. Explore new ways to earn with our unified brand.
-
Same team, different name. Welcome to TeamUpdraft
UpdraftPlus, WP-Optimize & AIOS are now under TeamUpdraft! Find out what’s changed, how to log in, and where to get support.
-
WP-Optimize release v4.0.0
WP-Optimize v4.0.0 is here! This update introduces JavaScript execution delay, minimum requirements changes, and performance improvements.