Does All-In-One Security (AIOS) – Security and Firewall have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is All-In-One Security (AIOS) – Security and Firewall compatible with WordPress 7.0?

According to WordPress.org data, All-In-One Security (AIOS) – Security and Firewall 5.4.6 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is All-In-One Security (AIOS) – Security and Firewall compatible with PHP 5.6+?

All-In-One Security (AIOS) – Security and Firewall requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is All-In-One Security (AIOS) – Security and Firewall's security score?

All-In-One Security (AIOS) – Security and Firewall has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

All-In-One Security (AIOS) – Security and Firewall Security & Risk Analysis

wordpress.org/plugins/all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M active installs v5.4.6 PHP 5.6+ WP 5.0+ Updated Mar 25, 2026

firewalllogin-securitymalware-scanningsecuritytwo-factor-authentication

A · Safe

CVEs total26

Unpatched0

Last CVEFeb 8, 2024

Plugin page Download

Safety Verdict

Is All-In-One Security (AIOS) – Security and Firewall Safe to Use in 2026?

Generally Safe

Score 93/100

All-In-One Security (AIOS) – Security and Firewall has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

26 known CVEsLast CVE: Feb 8, 2024Updated 1mo ago

Risk Assessment

The All-in-One WP Security and Firewall plugin, at version 5.4.6, presents a mixed security posture. While it implements a good number of security checks, including robust SQL query preparation and output escaping, significant concerns arise from its attack surface and taint analysis. The presence of three unprotected AJAX handlers is a direct pathway for potential exploitation if not adequately secured by other means. The high number of flows with unsanitized paths, particularly the 14 identified as high severity in taint analysis, indicates a strong risk of path traversal or injection vulnerabilities. This is further supported by its vulnerability history, which includes several critical and high-severity issues, specifically mentioning Path Traversal and SQL Injection. While there are currently no unpatched CVEs, the historical pattern of these critical vulnerability types suggests recurring weaknesses that, if not fully addressed, could resurface. The plugin also relies on a bundled library, Select2, which, if not kept up-to-date, could introduce its own set of vulnerabilities. Overall, the plugin has a large attack surface, and the identified taint flows are a significant concern, outweighing its otherwise good security practices. Continued vigilance and thorough code auditing are recommended.

Key Concerns

Unprotected AJAX handlers found
High severity unsanitized path flows
High number of historical critical CVEs
Vulnerability history includes Path Traversal
Vulnerability history includes SQL Injection
Use of dangerous function unserialize
Bundled library Select2 detected

Vulnerabilities

26 published

All-In-One Security (AIOS) – Security and Firewall Security Vulnerabilities

CVEs by Year

1 CVE in 2014

2014

5 CVEs in 2015

2015

5 CVEs in 2016

2016

1 CVE in 2019

2019

2 CVEs in 2020

2020

6 CVEs in 2022

2022

4 CVEs in 2023

2023

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

Low

26 total CVEs

CVE-2024-30468medium · 4.3Cross-Site Request Forgery (CSRF)

All In One WP Security <= 5.2.6 - Cross-Site Request Forgery to IP Blocking

Feb 8, 2024 Patched in 5.2.7 (56d)

CVE-2024-1037medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting

Feb 6, 2024 Patched in 5.2.6 (1d)

CVE-2023-52147medium · 5.3Protection Mechanism Failure

All In One WP Security <= 5.2.4 - Protection Bypass of Renamed Login Page via URL Encoding

Oct 25, 2023 Patched in 5.2.5 (90d)

WF-02066dcd-1f2f-4ed3-b1f4-7ea8711918e8-all-in-one-wp-security-and-firewallmedium · 5.9Plaintext Storage of a Password

All In One WP Security 5.1.9 - Plaintext Storage of Credentials

Jul 11, 2023 Patched in 5.2.0 (196d)

CVE-2023-0157medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 20, 2023 Patched in 5.1.5 (309d)

CVE-2023-0156medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal

Feb 14, 2023 Patched in 5.1.5 (343d)

CVE-2022-4346medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

All-In-One Security <= 5.1.2 - Information Disclosure

Dec 9, 2022 Patched in 5.1.3 (410d)

CVE-2022-44737high · 8.8Cross-Site Request Forgery (CSRF)

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

Nov 22, 2022 Patched in 5.1.1 (427d)

CVE-2022-4097medium · 6.5Use of Less Trusted Source

All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass

Nov 21, 2022 Patched in 5.0.8 (428d)

WF-fae1b795-8939-4229-8f89-fedf6f320ec1-all-in-one-wp-security-and-firewallhigh · 8.8Cross-Site Request Forgery (CSRF)

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

Nov 17, 2022 Patched in 5.1.1 (432d)

WF-8ce4be1b-3807-4ded-80a5-30f2f80db89d-all-in-one-wp-security-and-firewallmedium · 6.5Use of Less Trusted Source

All In One WP Security & Firewall 5.0.0 - 5.0.7 - Protection Bypass via IP Spoofing

Sep 30, 2022 Patched in 5.0.8 (480d)

CVE-2021-25102medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting

Apr 11, 2022 Patched in 4.4.11 (652d)

CVE-2020-29171medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting

Dec 24, 2020 Patched in 4.4.6 (1125d)

WF-1f092dae-e298-42e3-b494-fc7b7669b300-all-in-one-wp-security-and-firewallmedium · 4.7Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.4.3 - Reflected Cross-Site Scripting

Sep 8, 2020 Patched in 4.4.4 (1232d)

CVE-2016-10887critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All In One WP Security & Firewall <= 4.0.8 - SQL Injection

Aug 14, 2019 Patched in 4.0.9 (1623d)

CVE-2016-10866medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting

Nov 11, 2016 Patched in 4.2.0 (2629d)

WF-352a0c8a-22a6-44d9-917c-5fb37569d143-all-in-one-wp-security-and-firewallmedium · 5.3Guessable CAPTCHA

All In One WP Security & Firewall <= 4.1.2 - Captcha Bypass

Jul 31, 2016 Patched in 4.1.3 (2732d)

CVE-2016-10888critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All In One WP Security & Firewall <= 4.0.6 - SQL Injection

Apr 6, 2016 Patched in 4.0.7 (2848d)

CVE-2016-10867medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting

Feb 23, 2016 Patched in 4.0.6 (2891d)

CVE-2016-10868medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting

Feb 22, 2016 Patched in 4.0.5 (2892d)

CVE-2015-9293medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting

Aug 15, 2015 Patched in 3.9.8 (3083d)

CVE-2015-9294medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 3.9.5 (3200d)

CVE-2015-9310critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All In One WP Security & Firewall <= 3.9.0 - SQL Injection

Apr 6, 2015 Patched in 3.9.1 (3214d)

CVE-2015-0895low · 3.1Cross-Site Request Forgery (CSRF)

All In One WP Security & Firewall <= 3.8.9 - Cross-Site Request Forgery

Mar 6, 2015 Patched in 3.9.0 (3245d)

CVE-2015-0894critical · 9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All In One WP Security & Firewall <= 3.8.7 - SQL Injection

Mar 6, 2015 Patched in 3.8.8 (3245d)

CVE-2014-6242high · 7.4Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters

Sep 24, 2014 Patched in 3.8.3 (3408d)

Version History

All-In-One Security (AIOS) – Security and Firewall Release Timeline

v5.4.6Current6 files changed

v5.4.5150 files changed

v5.4.4112 files changed

v5.4.362 files changed

v5.4.265 files changed

v5.4.136 files changed

v5.4.05 files changed

v5.3.10184 files changed

v5.3.89 files changed

v5.3.78 files changed

v5.3.67 files changed

v5.3.568 files changed

v5.3.422 files changed

v5.3.381 files changed

v5.3.268 files changed

v5.3.165 files changed

v5.3.089 files changed

v5.2.97 files changed

v5.2.840 files changed

v5.2.7

Code Analysis

Analyzed Mar 16, 2026

All-In-One Security (AIOS) – Security and Firewall Code Analysis

Dangerous Functions

Raw SQL Queries

159 prepared

Unescaped Output

467

1237 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$result = unserialize($serialized_data);classes\wp-security-utility.php:1529

unserialize$result = unserialize($serialized_data, array('allowed_classes' => $allowed_classes, 'max_depth' => classes\wp-security-utility.php:1531

unserialize$result = unserialize($serialized_data);includes\simba-tfa\simba-tfa.php:1728

unserialize$result = unserialize($serialized_data, array('allowed_classes' => $allowed_classes, 'max_depth' => includes\simba-tfa\simba-tfa.php:1730

Bundled Libraries

Select2

SQL Query Safety

76% prepared210 total queries

Output Escaping

73% escaped1704 total outputs

Data Flows · Security

26 unsanitized

Data Flow Analysis

25 flows26 with unsanitized paths

search_box (admin\general\wp-security-list-table.php:353)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

All-In-One Security (AIOS) – Security and Firewall Attack Surface

Entry Points8

Unprotected3

AJAX Handlers 6

authwp_ajax_aios_ajaxclasses\wp-security-ajax.php:26

noprivwp_ajax_get_antibot_keysclasses\wp-security-ajax.php:27

authwp_ajax_tfa_frontendincludes\simba-tfa\includes\tfa_frontend.php:16

noprivwp_ajax_simbatfa-init-otpincludes\simba-tfa\simba-tfa.php:114

authwp_ajax_simbatfa-init-otpincludes\simba-tfa\simba-tfa.php:115

authwp_ajax_simbatfa_shared_ajaxincludes\simba-tfa\simba-tfa.php:117

Shortcodes 2

[twofactor_user_settings] includes\simba-tfa\includes\tfa_frontend.php:17

[twofactor_user_settings] includes\simba-tfa\simba-tfa.php:856

WordPress Hooks 221

actionadmin_footeradmin\general\wp-security-ajax-data-table.php:182

actionadmin_footeradmin\general\wp-security-list-table.php:171

actionadmin_menuadmin\wp-security-admin-init.php:50

actionadmin_menuadmin\wp-security-admin-init.php:51

actionadmin_menuadmin\wp-security-admin-init.php:52

actionadmin_initadmin\wp-security-admin-init.php:53

actionadmin_initadmin\wp-security-admin-init.php:55

actionadmin_initadmin\wp-security-admin-init.php:59

actionadmin_print_scriptsadmin\wp-security-admin-init.php:63

actionadmin_print_stylesadmin\wp-security-admin-init.php:64

actioninitadmin\wp-security-admin-init.php:65

filteradmin_footer_textadmin\wp-security-admin-init.php:68

actionall_admin_noticesadmin\wp-security-admin-init.php:269

actionadmin_footeradmin\wp-security-filesystem-menu.php:19

filterupdraftplus_remotecontrol_command_classesclasses\updraftcentral.php:10

filterupdraftcentral_remotecontrol_command_classesclasses\updraftcentral.php:11

actionupdraftcentral_command_class_wantedclasses\updraftcentral.php:12

actionaiowps_record_eventclasses\wp-security-audit-event-handler.php:28

actionaiowps_bulk_record_eventsclasses\wp-security-audit-event-handler.php:29

actionaiowps_clean_old_eventsclasses\wp-security-audit-event-handler.php:32

actioninitclasses\wp-security-audit-events.php:33

action_core_updated_successfullyclasses\wp-security-audit-events.php:36

actionupgrader_process_completeclasses\wp-security-audit-events.php:39

actionactivated_pluginclasses\wp-security-audit-events.php:40

actionupgrader_process_completeclasses\wp-security-audit-events.php:41

actiondeactivated_pluginclasses\wp-security-audit-events.php:42

actiondelete_pluginclasses\wp-security-audit-events.php:43

actiondeleted_pluginclasses\wp-security-audit-events.php:44

actionupgrader_process_completeclasses\wp-security-audit-events.php:47

actionswitch_themeclasses\wp-security-audit-events.php:48

actionupgrader_process_completeclasses\wp-security-audit-events.php:49

actiondelete_themeclasses\wp-security-audit-events.php:50

actiondeleted_themeclasses\wp-security-audit-events.php:51

actionupgrader_process_completeclasses\wp-security-audit-events.php:54

actionpassword_resetclasses\wp-security-audit-events.php:57

actiondeleted_userclasses\wp-security-audit-events.php:58

actionremove_user_from_blogclasses\wp-security-audit-events.php:59

actionplugins_loadedclasses\wp-security-audit-events.php:62

filteraios_audit_filter_detailsclasses\wp-security-audit-events.php:65

actionlogin_enqueue_scriptsclasses\wp-security-captcha.php:19

filterscript_loader_tagclasses\wp-security-captcha.php:20

actionwpcf7_admin_initclasses\wp-security-captcha.php:24

filterwpcf7_contact_form_propertiesclasses\wp-security-captcha.php:25

filterwpcf7_validateclasses\wp-security-captcha.php:26

actionaiowps_perform_db_cleanup_tasksclasses\wp-security-cleanup.php:17

filterpre_comment_user_ipclasses\wp-security-comment.php:17

actioncomment_spam_to_approvedclasses\wp-security-comment.php:18

actioncomment_spam_to_unapprovedclasses\wp-security-comment.php:19

actionaios_perform_update_antibot_keysclasses\wp-security-comment.php:20

filtercron_schedulesclasses\wp-security-cronjob-handler.php:15

actionaios_15_minutes_cron_eventclasses\wp-security-cronjob-handler.php:17

actionaiowps_hourly_cron_eventclasses\wp-security-cronjob-handler.php:18

actionaiowps_daily_cron_eventclasses\wp-security-cronjob-handler.php:19

actionaios_change_auth_keys_and_saltclasses\wp-security-cronjob-handler.php:20

actionaiowps_purge_old_debug_logsclasses\wp-security-cronjob-handler.php:21

actionaiowps_send_lockout_emailclasses\wp-security-cronjob-handler.php:22

actionaios_update_googlebot_ip_rangesclasses\wp-security-cronjob-handler.php:23

actionaiowp_security_additional_report_actionsclasses\wp-security-debug.php:35

actionaiowps_perform_fcd_scan_tasksclasses\wp-security-file-scan.php:9

filterxmlrpc_methodsclasses\wp-security-general-init-tasks.php:12

filterwp_headersclasses\wp-security-general-init-tasks.php:13

actiondo_feedclasses\wp-security-general-init-tasks.php:17

actiondo_feed_rdfclasses\wp-security-general-init-tasks.php:18

actiondo_feed_rssclasses\wp-security-general-init-tasks.php:19

actiondo_feed_rss2classes\wp-security-general-init-tasks.php:20

actiondo_feed_atomclasses\wp-security-general-init-tasks.php:21

actiondo_feed_rss2_commentsclasses\wp-security-general-init-tasks.php:22

actiondo_feed_atom_commentsclasses\wp-security-general-init-tasks.php:23

actionpre_comment_on_postclasses\wp-security-general-init-tasks.php:35

filterpre_comment_approvedclasses\wp-security-general-init-tasks.php:39

actioncomment_postclasses\wp-security-general-init-tasks.php:43

actiontransition_comment_statusclasses\wp-security-general-init-tasks.php:44

actionwidgets_initclasses\wp-security-general-init-tasks.php:48

filterretrieve_password_messageclasses\wp-security-general-init-tasks.php:49

filterlogin_urlclasses\wp-security-general-init-tasks.php:51

actionall_admin_noticesclasses\wp-security-general-init-tasks.php:56

actionall_admin_noticesclasses\wp-security-general-init-tasks.php:60

actionadmin_post_aiowps_firewall_setupclasses\wp-security-general-init-tasks.php:61

actionadmin_post_aiowps_firewall_downgradeclasses\wp-security-general-init-tasks.php:62

actionadmin_post_aiowps_firewall_setup_dismissclasses\wp-security-general-init-tasks.php:63

actiontemplate_redirectclasses\wp-security-general-init-tasks.php:71

filterthe_generatorclasses\wp-security-general-init-tasks.php:75

filterstyle_loader_srcclasses\wp-security-general-init-tasks.php:76

filterscript_loader_srcclasses\wp-security-general-init-tasks.php:77

filterrest_request_before_callbacksclasses\wp-security-general-init-tasks.php:100

filteroembed_response_dataclasses\wp-security-general-init-tasks.php:101

actionrest_api_initclasses\wp-security-general-init-tasks.php:106

actionlogin_formclasses\wp-security-general-init-tasks.php:144

actionmepr-login-form-before-submitclasses\wp-security-general-init-tasks.php:146

actionmepr-login-form-before-submitclasses\wp-security-general-init-tasks.php:147

actionwoocommerce_login_formclasses\wp-security-general-init-tasks.php:155

filterwoocommerce_process_login_errorsclasses\wp-security-general-init-tasks.php:158

actionwoocommerce_register_formclasses\wp-security-general-init-tasks.php:164

filterwoocommerce_process_registration_errorsclasses\wp-security-general-init-tasks.php:168

actionwoocommerce_after_checkout_billing_formclasses\wp-security-general-init-tasks.php:173

actionwoocommerce_after_checkout_validationclasses\wp-security-general-init-tasks.php:174

actionwoocommerce_lostpassword_formclasses\wp-security-general-init-tasks.php:179

actionlostpassword_postclasses\wp-security-general-init-tasks.php:182

actionbbp_theme_before_topic_form_submit_wrapperclasses\wp-security-general-init-tasks.php:189

filterlogin_form_middleclasses\wp-security-general-init-tasks.php:195

filterlogin_form_bottomclasses\wp-security-general-init-tasks.php:196

filterthe_password_formclasses\wp-security-general-init-tasks.php:201

actionlogin_form_postpassclasses\wp-security-general-init-tasks.php:202

actionlogin_formclasses\wp-security-general-init-tasks.php:208

actionregister_formclasses\wp-security-general-init-tasks.php:215

filterwp_is_application_passwords_availableclasses\wp-security-general-init-tasks.php:221

actionedit_user_profileclasses\wp-security-general-init-tasks.php:222

actionshow_user_profileclasses\wp-security-general-init-tasks.php:223

filterwp_die_handlerclasses\wp-security-general-init-tasks.php:227

actionlostpassword_formclasses\wp-security-general-init-tasks.php:241

actionlostpassword_postclasses\wp-security-general-init-tasks.php:242

actionmepr-forgot-password-formclasses\wp-security-general-init-tasks.php:245

actionmepr-forgot-password-formclasses\wp-security-general-init-tasks.php:246

filtermepr-validate-forgot-passwordclasses\wp-security-general-init-tasks.php:247

filterwp_login_errorsclasses\wp-security-general-init-tasks.php:254

actionsignup_extra_fieldsclasses\wp-security-general-init-tasks.php:263

filterwpmu_validate_user_signupclasses\wp-security-general-init-tasks.php:265

actionregister_formclasses\wp-security-general-init-tasks.php:272

actionmepr-checkout-after-password-fieldsclasses\wp-security-general-init-tasks.php:279

actionmepr-checkout-after-password-fieldsclasses\wp-security-general-init-tasks.php:280

filtermepr-validate-signupclasses\wp-security-general-init-tasks.php:281

actioncomment_form_after_fieldsclasses\wp-security-general-init-tasks.php:290

actioncomment_form_after_fieldsclasses\wp-security-general-init-tasks.php:291

filterpreprocess_commentclasses\wp-security-general-init-tasks.php:292

actioncomment_form_after_fieldsclasses\wp-security-general-init-tasks.php:297

actioncomment_form_after_fieldsclasses\wp-security-general-init-tasks.php:298

filterpreprocess_commentclasses\wp-security-general-init-tasks.php:299

actionbp_before_registration_submit_buttonsclasses\wp-security-general-init-tasks.php:305

actionbp_before_registration_submit_buttonsclasses\wp-security-general-init-tasks.php:306

actionbp_signup_validateclasses\wp-security-general-init-tasks.php:307

actiontemplate_redirectclasses\wp-security-general-init-tasks.php:312

actiontemplate_redirectclasses\wp-security-general-init-tasks.php:318

filtercomment_form_submit_fieldclasses\wp-security-general-init-tasks.php:320

actionupgrader_process_completeclasses\wp-security-general-init-tasks.php:325

filteraiowps_modify_php_firewall_rules_templateclasses\wp-security-general-init-tasks.php:329

actionuser_profile_update_errorsclasses\wp-security-general-init-tasks.php:344

actionvalidate_password_resetclasses\wp-security-general-init-tasks.php:348

filterhttp_request_reject_unsafe_urlsclasses\wp-security-general-init-tasks.php:353

filteraiowps_modify_captcha_settings_templateclasses\wp-security-general-init-tasks.php:358

filterallow_password_resetclasses\wp-security-general-init-tasks.php:609

filterallow_password_resetclasses\wp-security-general-init-tasks.php:814

filtercron_schedulesclasses\wp-security-installer.php:462

actionrest_api_initclasses\wp-security-onboarding.php:41

actionlogin_initclasses\wp-security-process-renamed-login-page.php:9

filtersite_urlclasses\wp-security-process-renamed-login-page.php:10

filternetwork_site_urlclasses\wp-security-process-renamed-login-page.php:11

filterwp_redirectclasses\wp-security-process-renamed-login-page.php:12

filterregisterclasses\wp-security-process-renamed-login-page.php:13

filteruser_request_action_email_contentclasses\wp-security-process-renamed-login-page.php:14

filteraiowpsecurity_setting_tabsclasses\wp-security-two-factor-login.php:36

filtertfa_user_ip_addressclasses\wp-security-two-factor-login.php:37

actionall_admin_noticesclasses\wp-security-two-factor-login.php:42

actioninitclasses\wp-security-two-factor-login.php:49

actionadmin_menuclasses\wp-security-two-factor-login.php:51

filterauthenticateclasses\wp-security-user-login.php:14

filterauthenticateclasses\wp-security-user-login.php:16

filterauthenticateclasses\wp-security-user-login.php:19

filterauthenticateclasses\wp-security-user-login.php:22

actionaiowps_force_logout_checkclasses\wp-security-user-login.php:23

actionwp_logoutclasses\wp-security-user-login.php:24

filterlogin_messageclasses\wp-security-user-login.php:25

actionall_admin_noticesclasses\wp-security-user-login.php:29

actionset_auth_cookieclasses\wp-security-user-login.php:32

actiondelete_expired_logged_in_users_eventclasses\wp-security-user-login.php:35

filterretrieve_password_messageclasses\wp-security-user-login.php:37

actionuser_registerclasses\wp-security-user-registration.php:10

filterwoocommerce_registration_auth_new_customerclasses\wp-security-user-registration.php:13

filterregistration_errorsclasses\wp-security-user-registration.php:17

actionlogin_initclasses\wp-security-wp-loaded-tasks.php:23

actionaffwp_process_login_formincludes\simba-tfa\includes\login-form-integrations.php:37

filtertml_displayincludes\simba-tfa\includes\login-form-integrations.php:40

filterwppb_login_form_bottomincludes\simba-tfa\includes\login-form-integrations.php:41

actioninitincludes\simba-tfa\includes\login-form-integrations.php:46

actionlogin_enqueue_scriptsincludes\simba-tfa\includes\login-form-integrations.php:48

filterdo_shortcode_tagincludes\simba-tfa\includes\login-form-integrations.php:51

filtersimba_tfa_login_enqueue_localizeincludes\simba-tfa\includes\login-form-integrations.php:53

filteredd_errorsincludes\simba-tfa\includes\login-form-integrations.php:55

actionplugins_loadedincludes\simba-tfa\providers\totp\loader.php:104

actionadmin_initincludes\simba-tfa\providers\totp\loader.php:106

actioninitincludes\simba-tfa\providers\totp\loader.php:109

actionadmin_noticesincludes\simba-tfa\providers\totp\loader.php:113

actionmanage_users_columnsincludes\simba-tfa\simba-tfa.php:126

actionwpmu_users_columnsincludes\simba-tfa\simba-tfa.php:127

actionmanage_users_custom_columnincludes\simba-tfa\simba-tfa.php:128

actionadmin_print_styles-users.phpincludes\simba-tfa\simba-tfa.php:131

actionadmin_menuincludes\simba-tfa\simba-tfa.php:133

actionadmin_initincludes\simba-tfa\simba-tfa.php:135

actioninitincludes\simba-tfa\simba-tfa.php:136

filterapplication_password_did_authenticateincludes\simba-tfa\simba-tfa.php:140

filterauthenticateincludes\simba-tfa\simba-tfa.php:142

actionshow_user_profileincludes\simba-tfa\simba-tfa.php:145

actionenqueue_block_assetsincludes\simba-tfa\simba-tfa.php:147

filterpre_update_optionincludes\simba-tfa\simba-tfa.php:149

actionlogin_headother-includes\wp-security-rename-login-feature-pre-5-2.php:36

actionlogin_headother-includes\wp-security-rename-login-feature-pre-5-2.php:38

actionlogin_headother-includes\wp-security-rename-login-feature-pre-5-2.php:55

actionlogin_headother-includes\wp-security-rename-login-feature-pre-5-7.php:46

actionlogin_headother-includes\wp-security-rename-login-feature-pre-5-7.php:48

actionlogin_footerother-includes\wp-security-rename-login-feature-pre-5-7.php:66

filterwp_robotsother-includes\wp-security-rename-login-feature-pre-6-6.php:49

actionlogin_headother-includes\wp-security-rename-login-feature-pre-6-6.php:50

actionlogin_headother-includes\wp-security-rename-login-feature-pre-6-6.php:52

actionlogin_footerother-includes\wp-security-rename-login-feature-pre-6-6.php:70

filterwp_robotsother-includes\wp-security-rename-login-feature.php:58

actionlogin_headother-includes\wp-security-rename-login-feature.php:59

actionlogin_headother-includes\wp-security-rename-login-feature.php:61

actionlogin_footerother-includes\wp-security-rename-login-feature.php:79

filteraios_management_permissionwp-security-core.php:85

actioninitwp-security-core.php:92

actioninitwp-security-core.php:93

actionwp_loadedwp-security-core.php:94

filtersaltwp-security-core.php:105

actionplugins_loadedwp-security-core.php:263

actionplugins_loadedwp-security-core.php:264

actionwp_footerwp-security-core.php:498

actionwp_loginwp-security-core.php:500

actionadmin_initwp-security-core.php:502

actiontemplate_redirectwp-security-core.php:504

actionall_admin_noticeswp-security.php:26

filterplugin_action_linkswp-security.php:69

actionwp_initialize_sitewp-security.php:87

Scheduled Events 6

aios_change_auth_keys_and_salt

aiowps_clean_old_events

aios_15_minutes_cron_event

aiowps_hourly_cron_event

aiowps_daily_cron_event

aiowps_weekly_cron_event

Maintenance & Trust

All-In-One Security (AIOS) – Security and Firewall Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 25, 2026

PHP min version5.6

Downloads36.3M

Community Trust

Rating94/100

Number of ratings1,699

Active installs1.0M

Alternatives

All-In-One Security (AIOS) – Security and Firewall Alternatives

Bearmor Security

bearmor-security

100

Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.

60 No CVEs

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening

ultimate-security

100

Protect your WordPress site with 2FA, brute force protection, CAPTCHA, custom login URL, and security hardening.

10 No CVEs

Defender Security – Malware Scanner, Login Security & Firewall

defender-security

WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.

90K 7 CVEs

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

BulletProof Security

bulletproof-security

WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...

30K 12 CVEs

Developer Profile

All-In-One Security (AIOS) – Security and Firewall Developer Profile

David Anderson / Team Updraft

16 plugins · 6.4M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1159 days

View full developer profile

Detection Fingerprints

How We Detect All-In-One Security (AIOS) – Security and Firewall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/all-in-one-wp-security-and-firewall/css/aios-settings.css/wp-content/plugins/all-in-one-wp-security-and-firewall/css/aios-dashboard.css/wp-content/plugins/all-in-one-wp-security-and-firewall/css/aios-notice.css/wp-content/plugins/all-in-one-wp-security-and-firewall/css/font-awesome.min.css/wp-content/plugins/all-in-one-wp-security-and-firewall/css/jquery-ui.css/wp-content/plugins/all-in-one-wp-security-and-firewall/css/bootstrap.min.css/wp-content/plugins/all-in-one-wp-security-and-firewall/js/aios-settings.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/aios-dashboard.js+5 more

Script Paths

/wp-content/plugins/all-in-one-wp-security-and-firewall/js/aios-settings.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/aios-dashboard.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/jquery.tablesorter.min.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/jquery.dataTables.min.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/bootstrap.min.js/wp-content/plugins/all-in-one-wp-security-and-firewall/js/tinymce.js+1 more

Version Parameters

all-in-one-wp-security-and-firewall/css/aios-settings.css?ver=all-in-one-wp-security-and-firewall/css/aios-dashboard.css?ver=all-in-one-wp-security-and-firewall/css/aios-notice.css?ver=all-in-one-wp-security-and-firewall/css/font-awesome.min.css?ver=all-in-one-wp-security-and-firewall/css/jquery-ui.css?ver=all-in-one-wp-security-and-firewall/css/bootstrap.min.css?ver=all-in-one-wp-security-and-firewall/js/aios-settings.js?ver=all-in-one-wp-security-and-firewall/js/aios-dashboard.js?ver=all-in-one-wp-security-and-firewall/js/jquery.tablesorter.min.js?ver=all-in-one-wp-security-and-firewall/js/jquery.dataTables.min.js?ver=all-in-one-wp-security-and-firewall/js/bootstrap.min.js?ver=all-in-one-wp-security-and-firewall/js/tinymce.js?ver=all-in-one-wp-security-and-firewall/js/jquery.form.js?ver=

HTML / DOM Fingerprints

CSS Classes

aiowps-settings-pageaiowps-dashboardaios-notice

HTML Comments

Data Attributes

data-noncedata-action

JS Globals

aiowps_settings_paramsaiowps_dashboard_paramsaiowps_tinymce_params

FAQ

All-In-One Security (AIOS) – Security and Firewall Security & Risk Analysis

Is All-In-One Security (AIOS) – Security and Firewall Safe to Use in 2026?

Generally Safe

Key Concerns

All-In-One Security (AIOS) – Security and Firewall Security Vulnerabilities

CVEs by Year

Severity Breakdown

All-In-One Security (AIOS) – Security and Firewall Release Timeline

All-In-One Security (AIOS) – Security and Firewall Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

All-In-One Security (AIOS) – Security and Firewall Attack Surface

AJAX Handlers 6

Shortcodes 2

Scheduled Events 6

All-In-One Security (AIOS) – Security and Firewall Maintenance & Trust

Maintenance Signals

Community Trust

All-In-One Security (AIOS) – Security and Firewall Alternatives

Bearmor Security

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening

Defender Security – Malware Scanner, Login Security & Firewall

Wordfence Login Security

BulletProof Security

All-In-One Security (AIOS) – Security and Firewall Developer Profile

How We Detect All-In-One Security (AIOS) – Security and Firewall

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about All-In-One Security (AIOS) – Security and Firewall