前言介紹
- 這款 WordPress 外掛「All-In-One Security (AIOS) – Security and Firewall」是 2013-06-02 上架。
- 目前有 1000000 個安裝啟用數。
- 上一次更新是 2025-04-02,距離現在已有 30 天。
- 外掛最低要求 WordPress 5.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 5.6 以上。
- 有 1651 人給過評分。
- 論壇上目前有 88 個提問,問題解答率 82% ,不低,算是個很有心解決問題的開發者團隊了!
外掛協作開發者
pmbaldha | ruhul-amin | mbrsolution | wpsolutions | davidanderson | peter-petreski | tips-and-tricks-hq |
外掛標籤
firewall | security | login security | Malware Scanning | two factor authentication |
內容簡介
vated to your website, All-in-One Security's WAF will detect and block hacking attempts, adding an extra layer of security to your WordPress site. Our advanced Firewall protection engine incorporates the latest security practices and algorithms to keep your site safe from known and emerging threats, including XSS, SQL injection, directory traversal, and other common types of attacks. Other File Protection Features include:
File integrity monitoring: Get instant notifications when a file is modified or added to the backend of your site.
Code scanner: Scans your site for known malware and bad code.
Backup scanning: Scans your site backups for malware.
Blacklist monitoring: Configurable to notify you if your site is blacklisted by Google, Norton, McAfee, and other popular blacklists.
Firewall logging: Track activity and view logs related to your website's firewall settings.
CONTENT PROTECTION
All-In-One Security helps protect your website’s content from theft and misuse. Our Content Protection Features provide various measures to safeguard your content and prevent comment spam, including:
IP blocking: Block specific IP addresses from accessing your website.
iFrame Prevention: Prevent your website from being displayed within an iframe on another site, which could be used to scrape your site content.
Hotlink Protection: Block other sites from using your images and other media by displaying broken links or an alternate image.
Copywriting Protection: Add a customizable copyright notice at the bottom of your website's pages.
Spam comment protection: Our anti-spam features help reduce comment spam on your site: CAPTCHA, Comment Spam Pack, Block Disposable Emails.
OTHER FEATURES
All-In-One Security also includes a comprehensive User Role Editor, to manage your WordPress site's user roles and permissions, and a Database security section which includes a DB prefix changer and DB backup functionality. Additional features include:
Google Maps API Key settings for HTTP referrers can easily be added within the plugin.
Easy configuration and setup wizards to guide you through the setup of our security plugin without any technical knowledge required.
Free online support forum, with 24/7 dedicated support staff available to answer your security plugin questions and managing our plugin's development requests and bug reports. With over 5000 registered forum users, you can be assured of a quick response to your questions.
原文外掛簡介
THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN
All-in-One Security (AIOS) is a security plugin designed especially for WordPress, now brought to you from the team at UpdraftPlus.
Customers love All-In-One Security because it’s easy to use, and it does a whole lot for free.
All-In-One Security gives you Login Security Tools, to keep bots at bay and protect your website from brute force attacks.
Our Web Application Firewall gives you automatic protection from security threats.
Content Protection Features protect what you’ve worked so hard to build; All-In-One Security eliminates comment spam and prevents other websites from stealing your content with features like iFrame prevention and copywriting protection.
Still on the fence?
We’re currently the Only WordPress Security Plugin with a 5 Star user rating across more than 1 million installs.
Our security team maintains a list of known exploits, actively building protections against them and releasing these as new firewall rules to free and paying customers, at the same time.
We’re already the world’s number one for backups, so you know you can trust us with the security of your website too.
LOGIN SECURITY FEATURE SUITE
Protect against brute-force attacks and keep bots at bay. All-In-One Security takes WordPress’ default login security features to a whole new level.
Supports best practice: All-In-One Security detects if an account has the default ‘admin’ username or if a user has identical login and display names, prompting the user to change this in support of better security practices.
Hide login page from bots: Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
Change default wp_ prefix: Hackers use automated code to attack websites like yours. Make life harder for them and protect your site with this simple but effective AIOS security feature.
Login lockout: External users making multiple login attempts can be locked out for a configured period of time. You can also lockout users with invalid usernames. See a list of all locked out users and unlock with one click.
Reporting: All-In-One Security provides a wealth of information about website users. View activity by username, IP address, login and logout dates and times. See a list of users currently logged in, and a list of all failed login attempts.
Force logouts: Ensure users don’t stay logged in indefinitely. With All-In-One Security you can force logouts for all users after a configurable amount of time.
Robot verification: For additional security and to prevent spam registrations, implement Cloudflare Turnstile, Google reCAPTCHA, plain maths CAPTCHA or a honeypot to registration pages, or enable manual approval of user accounts instead.
Stops user enumeration: Prevent external users and bots from fetching user information via author permalink.
Two-factor authentication: All-In-One Security TFA supports Google Authenticator, Microsoft Authenticator, Authy and many more.
Password strength tool: Calculates how long it would take for your password to be cracked through a brute force attack.
General visitor lockout Put your site into “maintenance mode” and lock down the front-end to all visitors. This can be useful while doing back end tasks, like performing site upgrades or investigating security threats.
WordPress Salts Security Feature Extended: All-In-One Security adds 64 new characters to WordPress Salts and changes them weekly, making it even more challenging for hackers to crack your users’ WordPress passwords.
FIREWALL & FILE PROTECTION SECURITY SUITE
A Web Application Firewall (WAF) is your website’s first line of defence, protecting your site by monitoring traffic and blocking malicious requests.
Progressively activate firewall settings: These range from basic, intermediate and advanced.
Automatic protection from the latest threats: Our team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers.
6G blacklist: All-In-One Security incorporates ‘6G Blacklist’ firewall rules, protecting your site against a known list of malicious URL requests, bots, spam referrers and other attacks (courtesy of Perishable Press).
Protect against fake Google bots: Bots presenting as Google crawlers can steal your content and litter your webpage with comment spam. Protect against it with the All-In-One Security Web Application Firewall.
Blacklist functionality: Ban users by IP address, IP address range or by specifying user agents.
Prevent DDOS attacks: Prevent malicious users from performing DDOS attacks through a known vulnerability in WordPress XML-RPC pingback functionality.
Prevent image hotlinking: Protect server bandwidth and your website’s content by preventing other sites from using your imagery via hotlinking.
Cross site scripting (XSS) protection: All-In-One Security prevents attackers from injecting malicious script into your website via a special cookie.
File change detection: Security scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
Disable PHP file editing: Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
Permission setting alerts: Identify files or folders where the permission settings are not secure and correct with one-click.
Ability to create custom rules: Advanced users can add custom rules to block access to various resources on your site.
Access prevention: Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.
CONTENT PROTECTION SECURITY SUITE
Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.
Comment SPAM prevention : Webpages littered with spam comments damage your brand, effect the user experience and impact SEO.
All-In-One Security stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks spammers’ IP addresses. Site owners can use Cloudflare Turnstile or Google reCAPTCHA to reduce comment spam and block malicious users with just one click.
iFrame protection: Preventing other websites from reproducing your content via an ‘iFrame’ is a useful security feature that protects your intellectual property and your website visitors.
Copywriting protection: Stop users from stealing your content by disabling the right-click, select and copy text function.
Disable RSS and Atom Feeds: RSS and Atom Feeds can be used by bots to ‘scrape’ your website content and present it as their own. This feature prevents that by disabling RSS and Atom Feeds on your website.
LATEST AND GENERAL SECURITY FEATURES
Audit Log: The All-In-One Security audit log gives Admins a view of events taking place on their WordPress website. They can see if anything strange is happening and detect security risks. For example, you can see if a plugin or theme has been added, removed, updated, activated or deactivated without your knowledge or consent.
INTERESTED IN AIOS PREMIUM?
For even greater protections, consider All-In-One Security (AIOS) Premium. It’s one of the most cost-effective and comprehensive WordPress Security plugins on the market and extends the powers of ‘Free’ with:
MALWARE SCANNING (Premium only)
Finding out by accident that your website’s security has been compromised due to malware is too late.
Malware can have a dramatic effect on search rankings. It can slow your site down, access customer data, send unsolicited emails, change your content or prevent users from accessing it.
Alerts you to blacklisting: Search engines can very quickly blacklist a site hacked with malicious code. All-In-One Security Premium monitors your site’s status daily and alerts you if you’ve been blacklisted.
Notification if something is amiss: We’ll notify you of any malware issues within 24 hours so you can take action, before it’s too late.
Response time monitoring: You’ll know immediately if website response time is negatively affected.
Up-time monitoring: All-In-One Security checks website uptime every 5 minutes. We’ll notify you if your site/server goes down.
Flexible assignment: Register and remove WordPress sites from security scanning at any time.
Security Reports: Security Reports are available via the ‘My Account’ page and directly via email.
FLEXIBLE TWO-FACTOR AUTHENTICATION (PREMIUM ONLY)
TFA is available in our free packages. All-In-One Security Premium affords whole new levels of control over how TFA is implemented.
Role specific configuration: Make TFA compulsory for certain roles, e.g. for admin and editor roles.
Require TFA after set time period: For example, you could require all admins to have TFA once their accounts are a week old.
Trusted Devices: Ask for TFA after a chosen number of days for trusted devices instead of on every login.
Anti-bot Protection: Option to hide the existence of forms on WooCommerce login pages unless JavaScript is active.
Customise design layout: Customise the design of TFA so that it aligns with your existing web design.
Emergency Codes: Generate a one-time use emergency code to allow access if your device is lost.
Multisite Compatible: Compatible with WordPress multisite networks and sub-sites.
Support for login forms: Support for WooCommerce and Affiliates-WP, Elementor Pro, bbPress and all third-party login forms without any further coding needed. Also compatible with ‘Theme my Login’
SMART 404 BLOCKING (PREMIUM ONLY)
404 errors occur when someone legitimately mistypes a URL, but they’re also generated by hackers searching for security weaknesses in your site.
Block bots producing 404s: All-In-One Security Premium automatically and permanently blocks IP addresses of bots and hackers based on how many 404 errors they generate.
Reporting: Handy charts keep you informed of how many 404s have occurred and which IP address or country is producing them
COUNTRY BLOCKING (PREMIUM ONLY)
Most security attacks come from a handful of countries and so it’s possible to prevent most attacks with our country blocking tool.
* Block traffic based on country of origin: All-In-One Security Premium utilises an IP database that promises 99.5% accuracy.
* Block traffic to specific pages: Block access to your whole WordPress site or on a page-by-page basis.
* Whitelist some users from blocked countries: Whitelist IP addresses or IP ranges even if they are part of a blocked country.
PREMIUM SUPPORT
Unlimited support: Personalised, email support as and when you need it.
Fastest response times: We offer a response time of three days. 99% of All-In-One Security Premium customers receive a response to
their enquiry within 24 hours.
Plugin Support
If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https://teamupdraft.com/all-in-one-security/
Developers
If you are a developer and you need some extra hooks or filters for this plugin then let us know.
Translations
All-In-One Security plugin can be translated to any language.
Currently available translations:
English
German
Spanish
French
Hungarian
Italian
Swedish
Russian
Chinese
Portuguese (Brazil)
Persian
Privacy Policy
This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.
The collected information is stored on your server. No information is transmitted to third parties or remote server locations.
Usage
Go to the settings menu after you activate the plugin and follow the instructions.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「All-In-One Security (AIOS) – Security and Firewall」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 1.5 | 1.6 | 1.7 | 1.8 | 1.9 | 2.0 | 2.2 | 2.3 | 2.4 | 2.5 | 2.6 | 2.7 | 2.8 | 2.9 | 3.0 | 3.1 | 3.2 | 3.3 | 3.4 | 3.6 | 2.1.1 | 2.8.1 | 3.5.1 | 3.7.1 | 3.7.3 | 3.7.5 | 3.7.6 | 3.7.7 | 3.8.7 | 3.9.5 | 3.9.6 | 3.9.9 | 4.0.1 | 4.0.3 | 4.0.7 | 4.0.8 | 4.0.9 | 4.1.0 | 4.1.4 | 4.1.7 | 4.2.2 | 4.2.8 | 4.2.9 | 4.3.1 | 4.4.0 | 4.4.2 | 4.4.4 | 4.4.8 | 4.4.9 | 5.0.0 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.9 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.1.7 | 5.1.8 | 5.1.9 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.4 | 5.2.5 | 5.2.6 | 5.2.7 | 5.2.8 | 5.2.9 | 5.3.0 | 5.3.1 | 5.3.2 | 5.3.3 | 5.3.4 | 5.3.5 | 5.3.6 | 5.3.7 | 5.3.8 | 5.4.0 | trunk | 4.4.10 | 4.4.11 | 4.4.12 | 5.3.10 | 4.3.7.1 | 4.3.7.2 | 4.3.8.1 | 4.3.8.2 | 4.3.8.3 | 4.3.9.1 | 4.3.9.2 | 4.3.9.3 | 4.3.9.4 |
延伸相關外掛(你可能也想知道)
Solid Security – Password, Two Factor Authentication, and Brute Force Protection 》ing iThemes Security Plugin can benefit you:, 保護您的 WordPress 網站的最佳外掛程式, 平均每天有 30,000 個網站遭受駭客攻擊,在網路上每 39 秒就會有一...。
WP 2FA – Two-factor authentication for WordPress 》這是一款免費且易於使用的 WordPress 二階段驗證外掛。, 在 WordPress 網站登錄頁面和使用者上加入額外的安全層。啟用兩階段驗證(2FA),它是保護使用者免於...。
Wordfence Login Security 》WORDFENCE 登入安全性, Wordfence 登入安全性包含在完整的 Wordfence 插件中發現的功能子集:雙因素驗證、XML-RPC 保護和登入頁 CAPTCHA。, 你正在尋找全面的...。
Google Authenticator – 2FA, MFA, OTP SMS and Email 》Google Authenticator – 雙重因素(2FA / OTP) –, 使用 TOTP 登入 2FA 方式,如 Duo/Microsoft/Google Authenticator,來保護您的 WordPress 網站登入頁面。, ...。
WordPress 2-step verification 》WordPress 2步驟驗證(Wp2sv)為您的 WordPress 帳戶增加了額外的安全層。, 除了您的用戶名和密碼,當您登入時,您還需要輸入由 Android/iPhone/Blackberry ...。
Two Factor (2FA) Authentication via Email 》WordPress是全球最受歡迎的內容管理系統(CMS),超過40%的網站正在運行它。因此,WordPress已成為黑客利用漏洞入侵網站的目標。增強WordPress網站安全性的...。
Rublon Multi-Factor Authentication (MFA) 》重新掌控您的公司!, , 所有員工的帳戶安全, 無需配置或培訓, , , 安全專家和行業專業人員推薦, “我印象深刻!” — Tony Perez,Sucuri , ...。
Two Factor Authentication (2FA , MFA, OTP SMS and Email) 》多因素驗證-雙重因素(2FA/OTP)-可以為任何基於 TOTP 的驗證方法(例如谷歌驗證器、Microsoft驗證器等)配置多因素驗證來保護您的WordPress網站。它還支持OTP通...。
Per User Prompt for Google Authenticator 》WordPress外掛 <a href="https://wordpress.org/plugins/google-authenticator/" rel="ugc">Google Authenticator</a>是一個很好的方式,可將雙因素驗證...。
SecSign 》SecSign ID – 以行動裝置登入網站的方式, SecSign ID 是適用於 WordPress 網站的實際雙重身分驗證 (2FA) 的外掛程式,2FA 透過使用第二個驗證方法來為您的網...。
Encourage User Activation for Google Authenticator 》Google Authenticator 外掛是在你的網站上增加雙重身分驗證的好方法,但為了讓它發揮功效,使用者必須自行啟用它。他們可能不知道這個選項,或者沒有動機啟用...。
Ecommerce – Two Factor Authentication 》on (2FA) Premium Lite Plugin is an advanced version of the free plugin with additional features., Multiple Authentication Methods: Google Authentic...。
Senpai Software – Two-factor authentication (2FA) with a key file 》- 此外掛讓你可以將你電腦上的任何檔案轉換成一個唯一的 Key,以便進入管理區。- 檔案不會被下載或實際存儲在網站上。- 不會產生額外的安全風險。- 不會產生...。
WordPress Strong Authentication 》WordPress Strong Authentication 讓您可以使用第二因素(財產項目)對使用者進行驗證。, 只有當使用者能夠提供這個第二因素時,他才能登入。, 此第二因素可...。
SnapID Two-Factor Authentication 》感謝您選擇SnapID™作為雙重身分驗證服務。很不幸地,我們將於2020年5月1日停止提供此免費服務。請在此日期之前停用此外掛以避免問題。我們為此造成的不...。