How To: Strengthen Your WordPress Login Process with Rublon: Free Plugin Review
If you want to improve the security of your WordPress site, then Rublon is a free service that will be of interest to you.
The service adds two-factor authentication to the login process for WordPress sites, as well as other platforms, in order to limit the fallout should your passwords become compromised. The two-factor authentication involves using your smartphone to scan a QR code during the login process to your site. This means that should your passwords be stolen, your account cannot be accessed unless the culprit has access to your phone as well. In their words …
Your online accounts can be accessed from any device in the world, often without your knowledge. Rublon protects your personal data, as well as business and financial operations, by restricting access from unknown devices.
Use Rublon to manage and define the devices you trust, such as your laptop, tablet and mobile phone. Rublon secured accounts will only be accessible from your Trusted Devices. The Rublon mobile app allows you to add or remove Trusted Devices anytime, anywhere you are.
This sounds like a useful service to implement, but how does it work in practice? Read our Rublon review to find out if this is a viable way to improve the security for WordPress sites.
This is a sponsored review; it is completely my opinion and not influenced in any way by being paid. If you would like to order a sponsored review, please visit our promotions page.
As this service uses your smartphone as part of the increased security it brings to your site, the installation is a two-part process.
The first step is to install the free WordPress plugin on your site. As the plugin is available from the WordPress plugin repository, it can be installed directly from the admin area of your site. Just do a search for ‘rublon’.
The second step involves installing the free app on your phone. There are apps available for iOS, Android, BlackBerry and Windows Phone operating systems. Simply go to the corresponding marketplace or store for your phone and locate and install the app. For this review I am using the Android app which is only 351k in size.
After you install the Rublon mobile app, you will have to sign up by simply providing an email address, so that you can disable and recover your Rublon account in the future in case you lose or change your smartphone.
Once installed on your WordPress site, the plugin adds a new menu item to the dashboard side menu from where the settings can be accessed. To be honest, there aren’t any options for the plugin. Its main function is to take you to the Rublon website where you can confirm your identity in order to start using the service.
To do this, it’s simply a case of using the Rublon app to scan a QR code that is displayed on the Rublon site and entering your email address. Once that is done, your account on your WordPress site is now protected by Rublon.
So what does this mean? It means that when you attempt to log in to your account on your WordPress site from a new computer for the first time, you will not only be required to enter your username and password as usual, but you will also need to scan a QR code with your smartphone or other capable device.
After entering your WordPress login credentials, a page that contains the QR code will load. By scanning the image with your phone, you will be logged into your WordPress site. As this happens, you are asked via your smartphone whether the computer is a trusted device or not.
By stating that the computer or device you are logging into your site on is a trusted device, you can bypass the Rublon QR code login for future visits on the same computer. If you aren’t on a device you trust, such as a public computer, then you will be required to carry out a Rublon QR code authentication each time you log in.
Rublon is a very simple way to beef up the security on your WordPress sites. The app is very easy to use and made scanning the QR codes very easy, even on a laptop screen with a fair amount of overhead glare.
While you might be worried about using a third-party service to add an extra layer of security to your site, it is possible to bypass the protection by deleting the plugin files from your server should your phone cease to operate or you need instant access. This could also be considered a security flaw by some, since anyone else with file access to the server could remove the protection in the same way. It’s also a good reminder to make sure your WordPress login details aren’t the same as your FTP login details.
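A defender-side check for the bypass described above, added here as an example and not taken from the review or from Rublon: it fingerprints a plugin directory and reports when the files have been deleted or changed. It assumes `sha256sum` is available, that you pass in the plugin's actual directory, and that the baseline file is stored where the web and FTP accounts cannot write.

```shell
#!/bin/sh
# Added example (not Rublon's code): alert when a 2FA plugin directory is
# deleted or altered, since removing the files turns the second factor off.
# Assumptions: GNU coreutils `sha256sum`; the plugin directory path is passed
# in by the operator; the baseline file lives outside the web root.

# Print one fingerprint covering every file under DIR; fail if DIR is gone.
plugin_fingerprint() {
    dir=$1
    [ -d "$dir" ] || return 1
    (
        cd "$dir" || exit 1
        find . -type f -exec sha256sum {} + | LC_ALL=C sort | sha256sum | cut -d' ' -f1
    )
}

# Store the known-good fingerprint (run once after install and after updates).
record_baseline() {
    plugin_fingerprint "$1" > "$2"
}

# Compare DIR with BASELINE. Prints OK, MODIFIED, MISSING or NO_BASELINE and
# returns 0 only for OK, so cron or a monitoring agent can alert on failure.
check_plugin() {
    dir=$1
    baseline=$2
    [ -s "$baseline" ] || { echo NO_BASELINE; return 3; }
    if ! current=$(plugin_fingerprint "$dir"); then
        echo MISSING
        return 2
    fi
    if [ "$current" = "$(cat "$baseline")" ]; then
        echo OK
        return 0
    fi
    echo MODIFIED
    return 1
}

# Command-line use: script record|check PLUGIN_DIR BASELINE_FILE
case "${1:-}" in
    record) record_baseline "$2" "$3" ;;
    check)  check_plugin "$2" "$3" ;;
esac
```

Re-run `record` after every legitimate plugin update, otherwise the next `check` reports MODIFIED.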
If your trusted device, such as your laptop, falls into the wrong hands along with your passwords, then the perpetrator will still be able to log in without your smartphone. This is because the QR code won’t be shown during login, as they will be using a trusted device. This has been thought of, which is why their mobile app lets you remotely manage your trusted devices. In such a case, simply open the app, go to your list of trusted devices, remove your laptop and you’ll still be secure.
Overall this is a very simple and easy to use plugin. It does what it sets out to do, which is add two-factor authentication to WordPress. Adding another layer of protection to your precious website can only be a good thing.