Two-factor authentication for WordPress using Rublon

Rublon provides automatic two-factor authentication for web applications. It currently supports Drupal, WordPress, Magento, PrestaShop and OpenCart. Two-factor authentication is definitely something that all web-based applications should enforce, so using Rublon or a similar plugin is a good way to ramp up your security.

The installation itself is pretty straightforward: the plugin can be downloaded from the repository and no extra customization steps are needed. By using the provided QR code, you pair the plugin with the selected second factor – the iOS app in my case. Rublon supports Android, Windows Phone and BlackBerry as well.

When Rublon is activated, the first step in logging in to the admin interface is to enter your standard username and password. After you successfully enter these credentials, a QR code is displayed. “Snapping” the code with your iPhone camera will automatically authenticate you. The process is very quick; it literally takes a second.

Every time you log on via Rublon, you will be asked whether you would like to acknowledge the computer you are using as a “trusted device”. If you choose this, a cookie is set so that the next time you authenticate, you won’t need to scan the QR code at all.

To ensure a high level of security, Rublon automatically prevents external applications from managing your website by disabling XML-RPC. You can enable XML-RPC from the Rublon settings screen.
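To confirm that XML-RPC really is closed after activation, the reply from your own site's `xmlrpc.php` can be classified as in the sketch below. This is an added example, not code from Rublon or from the original post. It assumes WordPress core's fault codes (405 when XML-RPC services are disabled, 403 for a rejected login); the function names and sample replies are constructed, since the page does not say how Rublon disables XML-RPC.

```python
import urllib.error
import urllib.request
import xmlrpc.client

def classify(status, body):
    """Turn one xmlrpc.php reply into a verdict about password-only logins."""
    try:
        xmlrpc.client.loads(body)
        return "login-enabled"      # an authenticated method was answered
    except xmlrpc.client.Fault as fault:
        # The body decides: the fault may arrive with HTTP 200 or an error status.
        if fault.faultCode == 405:  # "XML-RPC services are disabled on this site."
            return "disabled"
        if fault.faultCode == 403:  # credentials were checked, so login is reachable
            return "login-enabled"
        return "unknown"
    except Exception:
        # Not an XML-RPC document: error page from the web server or a filter.
        return "blocked" if status in (401, 403, 404) else "unknown"

def probe(url):
    """Send one wp.getUsersBlogs call with placeholder credentials to your own site."""
    call = xmlrpc.client.dumps(("placeholder-user", "placeholder-pass"),
                               "wp.getUsersBlogs").encode()
    req = urllib.request.Request(url, data=call,
                                 headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())

# Constructed sample replies (not captured from a real site).
SAMPLE_DISABLED = xmlrpc.client.dumps(
    xmlrpc.client.Fault(405, "XML-RPC services are disabled on this site."))
SAMPLE_BAD_LOGIN = xmlrpc.client.dumps(
    xmlrpc.client.Fault(403, "Incorrect username or password."))

if __name__ == "__main__":
    print(classify(200, SAMPLE_DISABLED))
    print(classify(200, SAMPLE_BAD_LOGIN))
    print(classify(403, "<html>Forbidden"))
```

A verdict of `login-enabled` means the endpoint still evaluates a username and password on their own, without the QR-code step.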

If you are accessing your Rublon-enabled WordPress installation from an untrusted network or a computer without using SSL, be sure to change your password if you ever decide to turn off two-factor authentication.
