• Access & Security 95
  • Administration 171
  • Advertisement 92
  • Audio & Video 66
  • Author & Content 99
  • Comments 96
  • Communication 110
  • Communities & Forums 84
  • Development 47
  • E-Commerce 76
  • Email Management 53
  • Events & Calendars 80
  • Language 25
  • Map & Weather 44
  • Migration & Conversion 28
  • Miscellaneous 254
  • Mobile 15
  • Photos 143
  • Plugins 260
  • SEO & Site Speed 118
  • Social 186
  • Theme Enhancement 169

  • Add this plugin to a List

    You need to be logged in to add this plugin to your list.

    All In One WP Security & Firewall

    Add to List


    All-in-One Security (AIOS) is a security plugin designed especially for WordPress, now brought to you from the team at UpdraftPlus.
    Customers love All-In-One Security because it’s easy to use, and it does a whole lot for free.

    All-In-One Security gives you Login Security Tools, to keep bots at bay and protect your website from brute force attacks.

    Our Web Application Firewall gives you automatic protection from security threats.

    Content Protection Features protect what you’ve worked so hard to build; All-In-One Security eliminates comment spam and prevents other websites from stealing your content with features like iFrame prevention and copywriting protection.

    Still on the fence?

    • We’re currently the Only WordPress Security Plugin with a 5 Star user rating across more than 1 million installs.
    • Our security team maintains a list of known exploits, actively building protections against them and releasing these as new firewall rules to free and paying customers, at the same time.
    • We’re already the world’s number one for backups, so you know you can trust us with the security of your website too.


    Protect against brute-force attacks and keep bots at bay. All-In-One Security takes WordPress’ default login security features to a whole new level.

    • Supports best practice: All-In-One Security detects if an account has the default ‘admin’ username or if a user has identical login and display names, prompting the user to change this in support of better security practices.
    • Hide login page from bots: Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
    • Change default wp_ prefix: Hackers use automated code to attack websites like yours. Make life harder for them and protect your site with this simple but effective AIOS security feature.
    • Login lockout: External users making multiple login attempts can be locked out for a configured period of time. You can also lockout users with invalid usernames. See a list of all locked out users and unlock with one click.
    • Reporting: All-In-One Security provides a wealth of information about website users. View activity by username, IP address, login and logout dates and times. See a list of users currently logged in, and a list of all failed login attempts.
    • Force logouts: Ensure users don’t stay logged in indefinitely. With All-In-One Security you can force logouts for all users after a configurable amount of time.
    • Robot verification: For additional security and to prevent spam registrations, implement Cloudflare Turnstile, Google reCAPTCHA, plain maths CAPTCHA or a honeypot to registration pages, or enable manual approval of user accounts instead.
    • Stops user enumeration: Prevent external users and bots from fetching user information via author permalink.
    • Two-factor authentication: All-In-One Security TFA supports Google Authenticator, Microsoft Authenticator, Authy and many more.
    • Password strength tool: Calculates how long it would take for your password to be cracked through a brute force attack.
    • General visitor lockout Put your site into “maintenance mode” and lock down the front-end to all visitors. This can be useful while doing back end tasks, like performing site upgrades or investigating security threats.
    • WordPress Salts Security Feature Extended: All-In-One Security adds 64 new characters to WordPress Salts and changes them weekly, making it even more challenging for hackers to crack your users’ WordPress passwords.


    A Web Application Firewall (WAF) is your website’s first line of defence, protecting your site by monitoring traffic and blocking malicious requests.

    • Progressively activate firewall settings: These range from basic, intermediate and advanced.
    • Automatic protection from the latest threats: Our team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers.
    • 6G blacklist: All-In-One Security incorporates ‘6G Blacklist’ firewall rules, protecting your site against a known list of malicious URL requests, bots, spam referrers and other attacks (courtesy of Perishable Press).
    • Protect against fake Google bots: Bots presenting as Google crawlers can steal your content and litter your webpage with comment spam. Protect against it with the All-In-One Security Web Application Firewall.
    • Blacklist functionality: Ban users by IP address, IP address range or by specifying user agents.
    • Prevent DDOS attacks: Prevent malicious users from performing DDOS attacks through a known vulnerability in WordPress XML-RPC pingback functionality.
    • Prevent image hotlinking: Protect server bandwidth and your website’s content by preventing other sites from using your imagery via hotlinking.
    • Cross site scripting (XSS) protection: All-In-One Security prevents attackers from injecting malicious script into your website via a special cookie.
    • File change detection: Security scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
    • Disable PHP file editing: Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
    • Permission setting alerts: Identify files or folders where the permission settings are not secure and correct with one-click.
    • Ability to create custom rules: Advanced users can add custom rules to block access to various resources on your site.
    • Access prevention: Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.


    Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.

    • Comment SPAM prevention : Webpages littered with spam comments damage your brand, effect the user experience and impact SEO.
      All-In-One Security stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks spammers’ IP addresses. Site owners can use Cloudflare Turnstile or Google reCAPTCHA to reduce comment spam and block malicious users with just one click.
    • iFrame protection: Preventing other websites from reproducing your content via an ‘iFrame’ is a useful security feature that protects your intellectual property and your website visitors.
    • Copywriting protection: Stop users from stealing your content by disabling the right-click, select and copy text function.
    • Disable RSS and Atom Feeds: RSS and Atom Feeds can be used by bots to ‘scrape’ your website content and present it as their own. This feature prevents that by disabling RSS and Atom Feeds on your website.


    • Audit Log: The All-In-One Security audit log gives Admins a view of events taking place on their WordPress website. They can see if anything strange is happening and detect security risks. For example, you can see if a plugin or theme has been added, removed, updated, activated or deactivated without your knowledge or consent.


    For even greater protections, consider All-In-One Security (AIOS) Premium. It’s one of the most cost-effective and comprehensive WordPress Security plugins on the market and extends the powers of ‘Free’ with:

    MALWARE SCANNING (Premium only)

    Finding out by accident that your website’s security has been compromised due to malware is too late.

    Malware can have a dramatic effect on search rankings. It can slow your site down, access customer data, send unsolicited emails, change your content or prevent users from accessing it.

    • Alerts you to blacklisting: Search engines can very quickly blacklist a site hacked with malicious code. All-In-One Security Premium monitors your site’s status daily and alerts you if you’ve been blacklisted.
    • Notification if something is amiss: We’ll notify you of any malware issues within 24 hours so you can take action, before it’s too late.
    • Response time monitoring: You’ll know immediately if website response time is negatively affected.
    • Up-time monitoring: All-In-One Security checks website uptime every 5 minutes. We’ll notify you if your site/server goes down.
    • Flexible assignment: Register and remove WordPress sites from security scanning at any time.
    • Security Reports: Security Reports are available via the ‘My Account’ page and directly via email.


    TFA is available in our free packages. All-In-One Security Premium affords whole new levels of control over how TFA is implemented.

    • Role specific configuration: Make TFA compulsory for certain roles, e.g. for admin and editor roles.
    • Require TFA after set time period: For example, you could require all admins to have TFA once their accounts are a week old.
    • Trusted Devices: Ask for TFA after a chosen number of days for trusted devices instead of on every login.
    • Anti-bot Protection: Option to hide the existence of forms on WooCommerce login pages unless JavaScript is active.
    • Customise design layout: Customise the design of TFA so that it aligns with your existing web design.
    • Emergency Codes: Generate a one-time use emergency code to allow access if your device is lost.
    • Multisite Compatible: Compatible with WordPress multisite networks and sub-sites.
    • Support for login forms: Support for WooCommerce and Affiliates-WP, Elementor Pro, bbPress and all third-party login forms without any further coding needed. Also compatible with ‘Theme my Login’


    404 errors occur when someone legitimately mistypes a URL, but they’re also generated by hackers searching for security weaknesses in your site.

    • Block bots producing 404s: All-In-One Security Premium automatically and permanently blocks IP addresses of bots and hackers based on how many 404 errors they generate.
    • Reporting: Handy charts keep you informed of how many 404s have occurred and which IP address or country is producing them


    Most security attacks come from a handful of countries and so it’s possible to prevent most attacks with our country blocking tool.
    * Block traffic based on country of origin: All-In-One Security Premium utilises an IP database that promises 99.5% accuracy.
    * Block traffic to specific pages: Block access to your whole WordPress site or on a page-by-page basis.
    * Whitelist some users from blocked countries: Whitelist IP addresses or IP ranges even if they are part of a blocked country.


    • Unlimited support: Personalised, email support as and when you need it.
    • Fastest response times: We offer a response time of three days. 99% of All-In-One Security Premium customers receive a response to
      their enquiry within 24 hours.

    Plugin Support

    • If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via


    • If you are a developer and you need some extra hooks or filters for this plugin then let us know.


    • All-In-One Security plugin can be translated to any language.

    Currently available translations:

    • English
    • German
    • Spanish
    • French
    • Hungarian
    • Italian
    • Swedish
    • Russian
    • Chinese
    • Portuguese (Brazil)
    • Persian

    Privacy Policy

    This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.
    The collected information is stored on your server. No information is transmitted to third parties or remote server locations.


    Go to the settings menu after you activate the plugin and follow the instructions.

    Rate This Plugin

    Please Login to Rate this Plugin!




    0 Votes
    Not Rated Yet Stats

    Last Updated28 Days ago
    Published11 years ago

    Report Wrong Category!

    Do you think this Plugin belongs to another Category?

    What Category Should this Plugin belong to? *

    Reason *

    Create a Plugin List

    You need to be Logged in to Create a Plugin List.

    Submit A plugin

    You need to be logged in to submit a plugin.


    WPD is the unofficial online plugin directory of WordPress.

    An attempt has been made to list Only functional, active,efficient and up-to-date plugins.

    Categorized : Plugin are listed by category and subcategory based on functionality and uses. Here you can browse wordpress plugin from our neatly categorized plugin directory and sort the plugins by rating, votes, last updated and published and search plugins using tags.

    Search : Plugins can be searched by their functionality using multi-tag search and you can search plugins using their exact name although we are not ensuring Google like search accuracy.

    Create Plugin Lists : You will be able to create list of plugins and share them with Wordpress Community or you can keep them private and use them as a bookmarks.
    e.g. Plugins That I’ve Used on My Site, Best Event Management Plugins, Christmas Plugins etc.

    If you think certain awesome plugin is not in the directory then notify us through our Submit a Plugin page.

    Browsing the Plugin Directory

    Browse by Category

    In WPD, Plugins are categorized carefully. You can browse all the categories from the homepage or you can access the category lists from any page by clicking the button from the left of the website.

    Browse by Tags

    Each plugin listed in WPD is marked with useful tags. You can browse plugins by Tags from the All Tags page

    Searching in WPD

    Multi Tag Search

    You can search plugins using multiple tags. To perform a multi-tag search. Go to Homepage and then in the search field type any keywords or tags(comma separated) and then click on the search button. To search plugins from a selected category just select the category from the dropdown and type your tags.

    Searching a specific Plugin in WPD

    If you want to find a specific plugin in our directory, Go to Homepage and then select the "Search in Title" option. Then write the name of the plugin and click the search button to find the Plugin.

    Plugin Lists

    Whats a Plugin List

    Plugin Lists are user created lists of plugins. Any registered users can create Plugin Lists and share it with anyone or make it private.

    Why Create a plugin List?
    • Easy to keep track of your favourite and useful plugin.

    • Share list of plugins on blogs, social media or to a client.

    • Keep a track of what plugins you installed in which of your blogs by creating a list for each blog

    Creating a Plugin List

    To create a Plugin List, click the button from the left of the page; a popup box will appear. In the "List Name" field, put the name of the List. eg: Best Seo plugins for your site.
    In the Description field, put a few words describing the List.
    By default, lists are automatically published as public, which is visible to everyone. If you do not want others to see the List, select "Private" from the dropdown list. Then click the "Create List" button to create the list.

    Adding Plugins to your List

    To add a plugin to your List, go to a plugin page and click the "Add to List" button. A popup box will appear where you can select in which of your list you want to add this plugin. You can add a note if you want, this note will appear below the plugin in your list.
    P.S: You can only add plugins that are in our directory.

    Your Lists will appear in our "Plugin Lists" page when you set the list as "Public" and your list contains atleast 2 plugins.

    Editing your Lists

    When you are on your list page, notice there is a button on the top right corner of the page. Click it to edit the List Name and the List Description.

    Accessing All your Lists

    You can access all your Plugin lists by going to your profile and clicking the "Lists" tab.

    Removing your Lists

    You can remove your Plugin lists by going to your profile and clicking the "Lists" tab. on top right of each list click the button to remove the list completely.

    While tremendous effort has been put to keep this directory precise and complete, still errors and omissions are unavoidable and possible. We welcome any suggestions for corrections, deletions, and idea that might improve the overall experience.

    To submit a Feedback click the from the bottom right corner of the site.

    Brave Popup Builder
    Our Latest WordPress Plugin
    Create Awesome WordPress Popups with Intuitive visual Editor. Choose from hundreds of Presets. Create Beautiful Popups and convert more visitors to subscribers, clients and customers.
    This Popup was Built with this plugin.
    Marketing knowledge
    Upgrade your
    Leverage agile frameworks to provide a robust synopsis for high overviews.
    Register or log in to assess the record