All-In-One Security (AIOS) Firewall Review: It Doesn’t Deliver Great Results
In 2022, the WordPress security plugin All In One WP Security & Firewall was rebranded as All-In-One Security (AIOS). The removal of emphasis on a firewall is probably fitting, as the plugin’s firewall capability is rather limited and the developers don’t seem to have a good grasp of it.
The plugin has long shipped with two firewalls not developed by the developers of the plugin. Called 5G and 6G, these two firewalls are outdated versions of the nG firewall. While the plugin recommends using 6G, in our testing we have found 5G provides more protection than 6G. And 6G only provides a subset of the protection of 5G. Without additional configuration, the plugin provides no firewall protection.
Even when the plugin is configured to provide as much protection as possible, it doesn’t do a great job.
Since 2021, we have done 16 tests of a large group of WordPress security plugins to see if they would protect against real vulnerabilities that had existed in other plugins. In those tests, All-In-One Security (AIOS) provided protection in only two of the tests.
Another method of testing we have is automated testing to see if WordPress firewall plugins will protect against the same attacks our own Plugin Vulnerabilities Firewall plugin can. The results for the plugin are not good. With All-In-One Security (AIOS) providing protection against only 14.7% of the test, in the most recent run we did of that at the beginning of January.
In addition to limited firewall protection, you get a plugin that has been developed by two companies with poor security track records. Including both of them thinking it was somehow acceptable to not disclose the ownership had changed hands. That situation is just of a part why we recommend against using plugins from the new developer because of their poor handling of security (security issues keep coming up with them and with AIOS).