All-In-One Security Premium Release 1.0.4 Release

The latest release from AIOS includes a new IP lookup function that will help developers identify suspicious activity such as password resets.

Our new IP lookup function informs web owners of the IP address of anyone who tries to reset your password, or lockdown your site. If that happens, you’ll receive an immediate email containing this crucial security information. This will help you identify any suspicious or potentially malicious activity. For example, if the IP address comes from an unrecognised country, it’s likely fraudulent.

The release also includes a security fix to remove unnecessary uses of the tab query parameter on various admin menu pages. This helps to prevent cross-site scripting vulnerabilities. Cross site scripting allows malicious users to inject unwanted scripts into your website, in this case through the AIOS admin page. Thank you to Matthew Rollings for disclosing the vulnerability.

Premium release 1.0.4 also contains a number of smaller tweaks and fixes, full details of which can be found below.

• SECURITY: Removed unnecessary use of the tab query parameter on various admin menu pages to prevent a XSS vulnerability. Thanks to Matthew Rollings for disclosing this defect.
• FEATURE: Added Reverse IP Lookup location data to login lockdown notification email
• Feature: Enhance reset password email by adding IP info
• Fix: A fatal error on PHP 8.0+ when you have premium active but not the free version
• Fix: Smart 404 blocking does not work if time zone other than UTC set.
• Tweak: Various tweaks to get codebase up to coding standards
• Tweak: Removed some unused files