Is All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) WordPress Plugin Secure?

When you order a security review of the All In One WP Security & Firewall plugin from us, we will check it for the following issues (and then work with the developer to fix any issues that are found):

  • Insecure file upload handling (this is the cause of the most exploited type of vulnerability, arbitrary file upload)
  • Deserialization of untrusted data
  • Security issues with functions accessible through WordPress’ AJAX functionality (those are a common source of disclosed vulnerabilities these days)
  • Persistent cross-site scripting (XSS) vulnerabilities in the frontend portions of the plugin and in the admin portions accessible to users with the Author role or below
  • Cross-site request forgery (CSRF) vulnerabilities in the admin portion of the plugin
  • SQL injection vulnerabilities (in the code that handles requests to the database)
  • Reflected cross-site scripting (XSS) vulnerabilities
  • Security issues with functions accessible through any of the plugin’s shortcodes
  • Security issues with functions accessible through the admin_action action
  • Security issues with functions accessible through the admin_init action
  • Security issues with functions accessible through the admin_post action
  • Security issues with import/export functionality
  • Security issues with usage of the is_admin() function
  • Security issues with usage of the add_option(), delete_option(), and update_option() functions
  • Security issues with usage of the extract() function
  • Host header injection vulnerabilities
  • Lack of protection against unintended direct access of PHP files
  • Insecure and unwarranted requests to third-party websites
  • Any additional possible issues identified by our Plugin Security Checker

If you become a paying customer of our service, you can suggest/vote for the plugin to receive a security review from us at no additional cost.

When using our service, you will be promptly alerted if a vulnerability is publicly disclosed in the All In One WP Security & Firewall plugin or any other WordPress plugin being used on your website(s) (and you can check at any time whether plugins you are considering using are known to be vulnerable). You can currently sign up for a free trial of our service to see what vulnerabilities have already been disclosed in the plugins you use.