Two-factor authentication for WordPress using Rublon
by Berislav Kucan - Friday, 28 February 2014.
Rublon provides automatic two factor authentication for web applications. It currently supports Drupal, WordPress, Magento, PrestaShop and OpenCart. Two-factor authentication is definitely something that all web based applications should enforce, so using Rublon or some similar plugin is a good way to ramp up your security.


The installation itself is pretty straightforward, the plugin can be downloaded from the repository and no extra customization steps are needed. By using the provided QR code, you pair the plugin with the selected second factor - iOS app in my case. Rublon supports Android, Windows Phone and Blackberry as well.


When Rublon is activated, the first step to login to the admin interface is to use your standard username and password. After successfully inputing these credentials, a QR code will open. Using your iPhone camera and "snapping" the code will automatically authenticate you. The process is very quick, it literally takes a second.


Every time you logon via Rublon you will be asked whether you would like to acknowledge the computer you are using as a "trusted device". If you choose this, a cookie is set so the next time you authenticate, you won't need to scan the QR code at all.

In order to assure a high level of security Rublon will automatically disallow external applications to manage your website by disabling XML-RPC. You can enable XML-RPC from the Rublon settings screen.

If you are accessing your Rublon-enabled WordPress installation from an untrusted network or a computer without using SSL, be sure to change your password if you ever decide to turn off two-factor authentication.



Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //