All In One WP Security & Firewall review

Two of the best ways to secure a WP site are to install a plugin that will do this job for you and configure it or tweak config files on the server and install firewall software that protects your site. The second method is not easy, but the first one is.

A powerful plugin will not only harden your site’s security but also protect it from different types of vicious online attacks. The WordPress repository contains several security extensions. Some extensions are widely used; many/some are new and have few ratings. People who don’t want to risk the site’s security can install a plugin with good ratings/reviews. A WP extension that fulfills this requirement is AIOWSF.

AIOWPSF is active on over a million sites, and its rating is 4.8+ out of 5. Is it better than Wordfence, Jetpack, and other similar products? What features does it offer? Here’s our unbiased review of AIOWPSF.

All In One WP Security and Firewall

AIOSF adds over a dozen new pages to the WP dashboard. Each page has a unique setting. AIOSF not only rates the entire site’s security but also rates individual settings. The dashboard page shows the overall rating of your site’s security and shows toggle buttons to turn off or enable critical features of the plugin.

The settings page lets you back up important files – the files required by the site or the server to keep functioning, i.e the wp-config.php, htaccess files. You can also back up the DB with the plugin.

AIOWPS comes with the password strength checker tool, which takes a password as input and displays the number of years/months/days/hours/minutes it would take for someone to crack it. Other pages of AIOSF are as follows:


AIOWPSF allows users to activate these four basic firewall rules with one click of a button:

  • Block access to htaccess file.
  • Limit file upload by file size.
  • Deny access to wp-config.
  • Disable the server signature.

In addition to enabling basic firewall rules, you can configure AIOSF to block access to the debug log file, XMLRPC file, etc.

AIOWPSF keeps spam away from the site by adding a captcha to the comment form or blocking spam bots automatically. It can automatically identify the IP addresses posting spam comments repeatedly on a site and block the IP if the number of spam comments the user has posted reaches the threshold set by the admin.


The Scanner module of AIOSF identifies and shows recently modified PHP files in the WP installation directory. It also allows you to compare the last scan operation with the newest one.


Although the plugin can block spammers or IPs of users requesting an important file repeatedly, you may want to block a user manually. The Blacklist section of AIOSF has a form where you can put a list of IP addresses or user agents you want to block.

File System

This module identifies the permissions of the files in the WordPress installation directory and allows you to modify the same if the permission is inappropriate with a click of a button.


All In One WP Security and Firewall have comprehensive login page security features. It can limit login attempts and instantly lock users trying to sign in to your WP site with an invalid user name. It can notify admins each time it blocks an IP and allows you to set the time for which the banned user should remain banned.

If your PC has been assigned a static IP address, you can whitelist your IP in this plugin. AIOSF logs the IPs of visitors who tried logging into your website but failed to do so. You can configure it to automatically log out a logged-in visitor after X minutes of signing in.

If you’re running a membership site, you can see the visitor login and logout activities in the login security section of the plugin. You can also view the list of users currently signed in to their accounts on your website.

Database security

If, for some reason, you want to change the WP table prefix, you can do so from the Database Security section of the plugin. AIOWPSF can generate a random six-letter string and make the same prefix for your site’s database tables. Creating backups is another great way of securing database data. Sometimes, you may forget to back up your site’s database. To ensure this mistake doesn’t prove to be costly, you can enable the scheduled backups in this WP extension. The extension can keep N backups and send the site’s DB backup to your email address.

Brute Force protection

All In One Security & Firewall allows you to activate the cookie-based brute force protection system and enables users to rename the login page. It can add a captcha to log in, registration, comments, etc form and also enables you to whitelist IP addresses that the plugin should ignore while monitoring brute force attacks. You can also enable the Honeypot system for the login page in AIOSF.

Maintenance Mode

Before updating a site or making major changes, it is good to put a website into maintenance mode. As AIOWPSF has a maintenance mode function built-in, you won’t have to install a third-party plugin.

Miscellaneous settings

The Miscellaneous section of AIOSF has some interesting settings. It allows you to disable right-clicks on website pages. Thereby preventing visitors from copying your site’s content to their clipboard. This section also enables you to turn on the iFrame protection feature, deactivate user enumeration, and enable the blocking of unauthorized REST requests.

Closing words: When configured properly, AIOSF protects your website like a Pro. It is thus a great security plugin.


Pramod is the founder of wptls. He has been using WordPress for more than nine years. He builds web applications, and writes about his experiences with various WP products on this site.

Leave a Reply

Your email address will not be published. Required fields are marked *