All-In-One Security (AIOS) 5.2.5 Release

By TeamUpdraft | Category: Company news | Topics: All-In-One-Security, Releases

AIOS 5.2.5: Enhanced UI and critical fixes

UI enhancements: The latest release of AIOS introduces significant improvements to the user interface, resulting in a smoother and more intuitive experience. Key updates include:

Redesigned scanner page: A complete overhaul of the scanner page for enhanced functionality and ease of use.

New UI widgets: Several new widgets have been added to streamline user interactions.

Consolidated Admin menus: Multiple admin menus have been merged into a single, organized user security menu for easier navigation.

Acknowledgements and Fixes

We would like to thank Naveen Muthusamy for identifying a critical defect. This issue could have allowed attackers to access websites through hidden login pages on multisite installations. The defect has been resolved in this release.

For a detailed list of all changes and improvements, please refer to the full changelog below.

  • SECURITY: On a multisite install, if using the AIOS feature for renaming and hiding the login page, a route existed for an attacker to discover the hidden login page, thus negating the usefulness of the feature. Thanks to Naveen Muthusamy for disclosing this defect.
  • Feature: Block POST requests that have a blank user-agent and referer
  • Feature: Added reverse IP lookup data to the login lockdown notification email
  • Fix: Prevent a fatal error when setting up the firewall if the host has disabled the function parse_ini_file
  • Fix: Prevent the firewall message store from filling up with unused entries
  • Fix: Prevent legitimate Googlebot traffic being blocked on sites where the gethostbyaddr function fails or is disabled
  • Fix: An issue that prevented MainWP updates from being performed correctly
  • Fix: Prevent user enumeration via the REST API and oEmbed protocol
  • Fix: User agent blacklist not matching all strings correctly
  • Fix: Logged in user table not showing the correct information
  • Tweak: Improve comment spam detection by using hidden fields and cookies
  • Tweak: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist
  • Tweak: The menu actions in the dashboard admin menu are now processed via AJAX
  • Tweak: Converted checkboxes in the admin menu pages to switches
  • Tweak: Add network_id and site_id column to debug logs table for differentiating logs between sites on multisite
  • Tweak: Combined various user admin menus into a new ‘User Security’ admin menu
  • Tweak: Export configuration filename now reflects the local time zone.
  • Tweak: Improve the UI/UX of the file scanner making way for future improvements
  • Tweak: Redesign the feature manager badges
  • Tweak: Removed various admin menu tabs as previously announced
  • Tweak: Add features that depend on other plugins to the feature manager conditionally
  • Tweak: Added a null check to the function that removes WP meta info from script and style src values, to prevent a PHP deprecation warning
  • Tweak: Audit log date and time are now displayed in the site's time zone
  • Tweak: PHP warning undefined array key REQUEST_METHOD in rule-proxy-comment-posting.php
  • Tweak: When TranslatePress is active, logging out via WooCommerce should not show a 404 page if the ‘Rename login page’ setting is on
