Two-factor authentication for WordPress using Rublon
by Berislav Kucan - Friday, 28 February 2014.
Rublon provides automatic two factor authentication for web applications. It currently supports Drupal, WordPress, Magento, PrestaShop and OpenCart. Two-factor authentication is definitely something that all web based applications should enforce, so using Rublon or some similar plugin is a good way to ramp up your security.


The installation itself is pretty straightforward, the plugin can be downloaded from the repository and no extra customization steps are needed. By using the provided QR code, you pair the plugin with the selected second factor - iOS app in my case. Rublon supports Android, Windows Phone and Blackberry as well.


When Rublon is activated, the first step to login to the admin interface is to use your standard username and password. After successfully inputing these credentials, a QR code will open. Using your iPhone camera and "snapping" the code will automatically authenticate you. The process is very quick, it literally takes a second.


Every time you logon via Rublon you will be asked whether you would like to acknowledge the computer you are using as a "trusted device". If you choose this, a cookie is set so the next time you authenticate, you won't need to scan the QR code at all.

In order to assure a high level of security Rublon will automatically disallow external applications to manage your website by disabling XML-RPC. You can enable XML-RPC from the Rublon settings screen.

If you are accessing your Rublon-enabled WordPress installation from an untrusted network or a computer without using SSL, be sure to change your password if you ever decide to turn off two-factor authentication.



Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //