If you have been looking into improving the security of your WordPress blog or website, you have surely read about implementing a two-factor authentication mechanism, also known as two-way authentication or two-step authentication, for stronger authentication in WordPress.
The truth is that once you implement two-factor authentication on your WordPress, the login procedure becomes a little bit of a burden, because each time you want to log in you have to enter a one-time code in addition to your WordPress username and password.
Rublon Makes Two-Factor Authentication Practical
Don’t fret though! If you still want to add two-factor authentication to your WordPress without the hassle of entering a random one-time code each time, Rublon has a solution! Rublon is a free WordPress plugin and service that makes two-factor authentication easy, hassle free and invisible.
In this blog post we will explain what two-factor authentication is, why and how two-factor authentication improves the security of your WordPress blog or website, and how to set up invisible and hassle free two-factor authentication on your WordPress with Rublon.
What is Two-Factor Authentication?
Two-factor authentication is a process which involves two stages to verify the identity of a user trying to access a computer or a service. In other words, rather than using only your username and password to log in to WordPress, you also have to provide an additional one-time code.
Existing two-factor authentication solutions for WordPress require you to enter the one-time code each time you need to log in to your WordPress. The code is typically provided to you via an app running on your smartphone or tablet device, or you receive it via SMS, which you typically have to pay for.
Therefore the WordPress login process is prolonged and you always have to have your smartphone or tablet device with you to log in to your WordPress blog or website.
Why You Need Two-Factor Authentication on WordPress
The advantage of having two-factor authentication implemented on your WordPress is that even if your WordPress credentials are stolen, or guessed via a brute-force attack, the attacker still cannot log in because he or she does not have access to your smartphone or device to retrieve the one-time code. It therefore adds an additional layer of security to your WordPress login page.
How Rublon Makes Two-Factor Authentication Hassle Free, aka Invisible
Rublon took two-factor authentication a step further and automated the process, so you do not have to enter a one-time code each time you need to log in to your WordPress. Once you install the Rublon plugin on WordPress and register with the Rublon service, you configure a list of trusted devices from which you will log in to your WordPress blog or website, and that is it!
With Rublon enabled, when you log in from a trusted device it is business as usual; just specify your WordPress username and password. Should you need to log in from a new, untrusted device, you can add it to the list of trusted devices through a smartphone app, which is available on Android, iOS (iPhone, iPod, iPad etc.), BlackBerry and Windows Phone.
Trusted devices can be managed (added and removed) through the smartphone app.
Setting Up Invisible Two-Factor Authentication on WordPress with Rublon
Install the Rublon Smartphone App
Start off by downloading and installing the Rublon smartphone app, which is available on all digital distribution platforms: Google Play, Apple App Store, Windows Phone Store and BlackBerry World.
Once you install the app, specify your email address to register an account. The email address will be used to verify and activate your account, and for future communications, such as when a new device is added.
Install and Activate the Rublon WordPress Plugin
The Rublon WordPress plugin can be downloaded from the official WordPress repository. Don’t be put off by the low number of downloads. The number is low simply because the plugin is not yet popular in the WordPress community; it does not reflect the quality and capabilities of the plugin.
Once you activate the plugin you will be redirected to the Rublon section in your WordPress dashboard to configure two-factor authentication for your account, as seen in the screenshot below.
Enable invisible two-factor authentication on your WordPress and add this device / browser combination to the list of trusted devices by clicking on Protect your Account. Upon clicking the button you will be redirected to a webpage with a QR code, as shown in the below screenshot.
Launch the Rublon app on your smartphone or device to scan the QR code. Once the QR code is scanned you are automatically redirected back to your WordPress dashboard and the device / browser combination is added to the list of trusted devices.
That is it! From now onwards, each time you log in to your WordPress your login will be checked against the Rublon servers, and unless you are logging in with the secured username and a trusted device / browser combination, you will be denied access. That’s a very secure, hassle free and invisible process, isn’t it?
Note: In a multi-user WordPress installation each user should set up his or her own Rublon account and list of trusted devices.
Once the Rublon WordPress plugin is installed a Rublon logo will also be added to your WordPress login box as seen in the below screenshot.
Adding Trusted Devices from Where You Can Login to WordPress
Should you need to add a device to the list of trusted devices, log in to your WordPress from a different device / browser configuration and you will be redirected to a webpage with a QR code, hosted by Rublon. Again, launch the smartphone app and scan the QR code to add the new device to the list of trusted devices.
Removing Trusted Devices from Rublon
Should you no longer need to log in from a particular device / browser combination, you should remove the trusted device from the list. To do so, launch your Rublon app on your smartphone or device, click on the “Trusted Devices” button and click the device you would like to remove. Click the Remove button to remove the device from the list of trusted devices.
Additional Security for Rublon App on Smartphones
The Rublon app can also be protected via a 4-digit PIN code, so even if your smartphone is stolen no one can add trusted devices and log in to your WordPress blog or website. Your account will also be deactivated should the PIN be entered incorrectly 5 times.
WordPress Two-Factor Authentication with Rublon – Our Verdict
As WordPress security consultants we have always recommended that our customers implement two-factor authentication on their WordPress and other web applications. But when you weigh the pros and cons of security versus practicality, sometimes two-factor authentication is too much of a hassle. People already hate remembering passwords, let alone adding another factor to it.
But Rublon made two-factor authentication hassle free and invisible. It is therefore now possible to add a new layer of security to your WordPress blog or website without affecting practicality or productivity. And it is not just that! The whole Rublon system (plugin and service) is a very neat solution, well designed and well documented.
Maybe it has not matured yet in the WordPress community, but it is a full-blown two-factor authentication solution that has the potential to grow in the WordPress community. For example, when you add a new trusted device you will receive an email alerting you of your Rublon account change. Or when you click on a trusted device in your Rublon app, you will get all the required information about that device, such as when it was added, when the last login from that device was and the IP address of the device. This gives you full control of your account and WordPress logins, as well as peace of mind.
Our verdict is simple. If you are looking for two-factor authentication for your WordPress, look no further. Rublon is the solution.