Alexandru Bucsa

Hi @pdjp ,

Appreciate you taking the time to write this up. Let me address both points directly.

1) Why most settings are disabled by default
This is intentional. Many AIOS features (firewall rules, login renaming, .htaccess changes, 6G blacklist, brute-force lockouts, etc.) can break a site or lock an admin out depending on the host, theme, caching layer, or other plugins installed. Turning them all on by default would cause more broken sites than blocked attacks, especially for users who don’t yet know which features fit their setup.
We hear the “it’s overwhelming” feedback though, which is exactly why we already shipped an Onboarding Wizard. It walks you through the main settings we recommend enabling, in plain language, and at the end you have a site configured with the recommended baseline without having to hunt through dozens of pages.

2) The audit log
The audit log isn’t optional bloat, it’s core security infrastructure. Brute-force protection, login lockouts, IP-based blocking, and several other detection features all rely on event data being recorded. Switching logging off would effectively disable parts of the plugin that are doing the blocking you want it to do. This is consistent with how Wordfence, Sucuri, Solid Security and other reputable security plugins operate: no log, no protection.

I’d love to understand what would turn this from 3 stars into 5 stars for you. The “settings off by default” piece is already solved by the Onboarding Wizard. The audit log piece is a design choice we’re not going to reverse, but we’d be happy to look at retention rules and how we could address this bloat.

If you’re up for it, drop a thread on the support forum (https://ww.wp.xz.cn/support/plugin/all-in-one-wp-security-and-firewall/) tagging this review, and we can look into how to address your issues. If we earn a higher rating after that, great. If not, your feedback still shapes where the product goes next.

Alexandru Bucsa
Product Manager, AIOS

Hi @saidalt ,

Thank you for taking the time to leave a review and share these logs, we really appreciate the detailed feedback!

Regarding the warnings you’re seeing:

The WPCF7_TagGenerator deprecation notice is related to our CAPTCHA integration with Contact Form 7. CF7 updated their tag generator API to version 2, and this is causing deprecation warnings. Rest assured, this is on our radar and we’ll be updating our integration to use the newer API.

The other two warnings (strpos() and str_replace() with null parameters) are generic PHP 8.x deprecation notices that could be coming from any plugin, theme, or even WordPress core, they’re not necessarily related to AIOS.

Important to note: These are deprecation warnings, not errors. They won’t affect your site’s functionality or security, they’re simply PHP’s way of flagging code that will need updating in future PHP versions.

That said, we’d love to help you investigate further! Please open a thread on our support forum and we’ll take a closer look at your setup to ensure everything is running smoothly.

Since these warnings don’t impact your site’s security or functionality, and we’re already working on updating the integration, we’d really appreciate it if you’d consider revising your rating. A 5-star review goes a long way in supporting our team and helps other users discover AIOS with confidence. If there’s anything else holding you back from a perfect score, let us know, we’d love to make it right.

Thanks again for using All-In-One Security!

Best,
Alexandru Bucsa
Product Manager

Hi @spectraemail

Thank you for taking the time to share your detailed feedback. I’m sorry to hear that you experienced difficulties with our plugin, especially since you appreciated many of its features. Your input is valuable to us, and I’d like to address your concerns directly.

Regarding your key points:
1) Live Traffic Monitoring: You’re right—this feature isn’t currently included in this fashion. We’ve noted your request and are evaluating it for future updates.

2) Compatibility & IP Blocking: Running multiple security plugins simultaneously can indeed cause conflicts, particularly with .htaccess rules and firewall functionality. Our plugin is designed to be comprehensive, which is why it may conflict with similar features in other security solutions. However, we understand that every site has unique needs.

3) Flexibility: We agree security isn’t one-size-fits-all! That’s why we prioritize granular controls (e.g., toggling individual modules like firewall rules). If you’d consider giving it another try, we recommend enabling features incrementally to avoid conflicts. Our support team can assist with this.

I’d love to help you get this working properly. If you’re willing to give it another try, please reach out to our support team directly with details about your other security plugin and server configuration. We can provide specific guidance for your setup and potentially identify any bugs that need addressing. Additionally, as the Product Manager, I’d also appreciate the chance to discuss your experience in more detail. Your insights are very valuable to us, and I’d love to hear how we can improve AIOS to prevent issues like this for others. Could you reach out via our contact form and ask for a conversation with me? I’ll prioritize your case personally.

Either way, we respect your decision and thank you for your time.

Sincerely,
Alexandru Bucsa
Product Manager, All In One Security

Hi Mike (@mikewitt2015 ),

Thank you for taking the time to share your experience, and more importantly, for trusting our plugin on your sites for years. I’m genuinely sorry to hear about the frustration this has caused you and your clients—lockouts are disruptive, and I completely understand why this would negatively impact your confidence in the plugin.

Your feedback is very valuable, and I’d personally like to understand exactly what went wrong so we can improve—not just for you, but for others who might face similar issues. If you’re open to it, I’d welcome a direct conversation to dig deeper into the problem. Even if you’ve moved on, your insights could help us improve for future users.

You can reach out via our contact form and ask for me (the Product Manager). No pressure, but know the door is always open. Either way, thank you for your years of support—we’ll use this as motivation to do better.

Wishing you all the best,
Alexandru Bucsa
Product Manager, All In One Security

Hi Shaun,

Thank you for being a loyal user of our plugin over the years—we truly appreciate your support. I’m genuinely sorry to hear about the sudden 403 error preventing you from accessing your login page. Situations like this can be incredibly frustrating, especially when the cause isn’t immediately clear.

Your experience is important to us, and we’d love to investigate this further. The 403 error could come from a conflict with server settings, or a security rule being triggered inadvertently. To resolve this promptly and ensure it doesn’t happen again, could you please reach out to us via our contact form? Mention this issue and ask for a conversation with me (the product manager), so we can prioritise your case and work toward a solution.

Your feedback is invaluable in helping us improve the plugin. If you’re open to it, I’d also love to discuss your experience in more detail to better understand how we can prevent such issues for users like you in the future.

Thank you again for your patience and for giving us the chance to make this right. We’re here to help!

Best regards,
Alexandru Bucsa
Product Manager, All In One Security