Rublon Multi-Factor Authentication (MFA)

Description

Rublon MFA is a multi-factor authentication (MFA) solution that protects your organization’s data and access to networks, servers, and applications. Rublon MFA provides MFA for cloud apps, VPNs, servers, and Microsoft technologies using authentication methods like Mobile Push, SMS Passcode, QR Code, WebAuthn/U2F Security Keys, and more.

Rublon MFA is easy to use, affordable, and scalable. It helps reduce compliance risk, improve user experience, and reduce costs. Rublon MFA is compatible with a variety of technologies, including but not limited to VPN, Remote Desktop Services (RDS), Outlook Web App (OWA), LDAP, RADIUS, and WordPress.

Start your Free 30-Day Trial and see how easy it is to get started with Rublon MFA.

To learn more, visit www.rublon.com.

Recommended by Security Experts and Industry Professionals

“The fact that I could speak instantly with tech support while evaluating was super important. Connecting with Rublon technicians via remote sessions was SUPER handy to assist with setting things up.” — Chris D., Manager of GIS/IT

“We were able to get Rublon MFA installed, tested, and in use in under a day across all offices.” — Ethan M. Hospital & Health Care

“Product was absolutely superb for integrating MFA into our RDS solution very easy to use and the moblie app was brilliant for our end users.” — Scott L., IT Network Manager

“we tested a trial version, it was very easy to set up. we got the pricing immediately. other suppliers did not even replied to my email yet and i already implemented Rublon” — Mihail B., Logistics Manager

“I searched for a tool for a very specific security need and Rublon filled that need perfectly. Not only does it work every single time as expected, the support and setup are amazing! Highly recommended.” — Charles D., Financial Services

Read More

In What Languages Is Rublon For WordPress Available?

  • English
  • German
  • Japanese (translated by Digital Cube)
  • Turkish (translated by Mehmet Emre Baş, proofread by Tarık Çayır)
  • Polish

Follow Us

Facebook | LinkedIn | Twitter

Legal notice

I have read and agree to the Terms of Service and Privacy Policy before installing the Rublon WordPress Plugin.

Screenshots

  • Rublon Multi-Factor Authentication (MFA) in progress
  • Select the authentication method on the Rublon Prompt
  • Confirm your identity by clicking an Email Link
  • Confirm your identity by scanning the QR Code using the Rublon Authenticator mobile app
  • Confirm your identity by approving a Mobile Push notification using the Rublon Authenticator mobile app
  • Confirm your identity by entering a Mobile Passcode (TOTP) generated by the Rublon Authenticator mobile app
  • Confirm your identity by entering a one-time code sent in an SMS text message
  • Confirm your identity using a WebAuthn/U2F Security Key
  • Confirm your identity using YubiKey OTP
  • Make Rublon remember your device on consecutive logins
  • Identity has been confirmed.
  • Connect Rublon Multi-Factor Authentication (MFA) with your application in the Rublon Admin Console using the System Token and Secret Key

Installation

  1. Log in to your WordPress administration panel using an administrator account.
  2. Go to “Plugins” -> “Add New” and search for “Rublon” using the plugins search box.
  3. Click the “Install Now” button inside the Rublon plugin box in the search results and confirm the installation.
  4. Click on “Activate Plugin”.
  5. Go to Rublon plugin settings and enter System Token and Secret Key of your application from Admin Console website.
  6. During your next login, confirm your identity via an email link Rublon sends you.
  7. Optional: For more security and control, install the Rublon mobile app onto your phone (available for Android, iOS).

Server requirements

  • PHP version 5.5.1 or greater
  • cURL PHP extension enabled

FAQ

Why Do I Need Multi-Factor Authentication (MFA)?

Botnets carry out brute-force attacks against thousands of WordPress sites and blogs every day, regardless of size. Once inside, botnets infect your visitors with malware. A compromised website leads to delisting by search engines or blocking by your hosting provider. Rublon Multi-Factor Authentication (MFA) prevents such attacks.

Why Are Passwords Not Enough?

Many people use simple, easy-to-guess passwords which can be easily broken or stolen. If you use the same password across multiple devices, services, or on unsecured connections, such as public Wi-Fi networks, you are an easy target for hackers. Botnets can attempt to compromise WordPress sites by using millions of common passwords and character combinations.

How Does Rublon MFA Work?

Rublon Multi-Factor Authentication (MFA) adds an extra layer of security on top of your usual login & password WordPress logins. First, a user enters their username and password as always. Then, Rublon displays the Rublon Prompt. The user can select one of the available authentication methods, such as Mobile Push or WebAuthn/U2F Security Key. After selecting and completing the authentication method, the user gains access to WordPress.
The Rublon Prompt also allows users to self-enroll their mobile device or security key if they have not already. Further, thanks to the Rublon Prompt, the user can check the Remember this device checkbox to bypass MFA during subsequent logins on a selected device.

Why Should I Use Rublon MFA?

Rublon is simple and user-friendly. Activate the plugin, enter the System Token and Secret Key from the Rublon Admin Console, and you’re done. Your users don’t have to install or configure any additional software. Rublon is so simple to use that your users won’t need training. Once they confirm their identity on a device, they can choose to remember this device and log in by only entering their WordPress password.

How Is Rublon MFA Different?

Traditional Multi-Factor Authentication solutions demand users to enter a one-time password each time they want to log in. That’s why people don’t like them. Rublon is different. With Rublon, you confirm your identity by clicking a link, tapping a push notification on your phone, or touching a FIDO security key. Rublon doesn’t force you to type anything on your keyboard and gives you many authentication options to find your favorite.

How Much Does Rublon Cost?

Rublon Multi-Factor Authentication is an all-in-one package that contains Rublon MFA for WordPress and dozens of other products, applications, and integrations. You can start a Free Rublon Trial and enjoy all features for 30 days. If you only want to protect one WordPress account, you will never have to pay! For more information, visit our Pricing page.

How Can I Protect My WordPress Account With Rublon MFA?

Simply install the Rublon for WordPress plugin and activate it. Then, create a new WordPress application in the Rublon Admin Console and copy the values of the System Token and Secret Key. For full detailed instructions (including screenshots), refer to our Documentation.

Does Rublon MFA Support Phone-Based, Out-Of-Band Multi-Factor Authentication?

Yes! Just install the Rublon Authenticator mobile app on your phone (available for Android and iOS). After entering your WordPress login credentials, you will be prompted to verify your account in one of the following ways:
* Enter the TOTP code (Time-Based One-Time Password)
* Scan a QR code
* Confirm login using a push notification
* Copy the verification code from the SMS sent to your mobile number

Do All My Users Have to Be Protected by Rublon MFA?

No. You can choose which users you want to protect. You can protect everyone or only select groups of users. You can use Group Policies to decide who is protected and how, including which authentication methods Rublon should allow and logins from which IP ranges Rublon should bypass.

Will Rublon MFA Know My Login Credentials?

No. Rublon never knows your credentials or those of your users. They are never transmitted to our servers. Rublon does its work in the background only after WordPress verifies your password. It’s an independent security layer that sits beneath the login form.

Why is Using the Rublon Authenticator Mobile App More Secure Than Email-Based Authentication?

The Rublon Authenticator mobile app holds your digital identity with your private encryption key, which never leaves your phone. With any action requiring the mobile app, such as confirming your identity, the Rublon app generates a unique encrypted digital signature. Gaining access to an email account without multi-factor authentication is easier than stealing your private key from your phone and reusing it.

Reviews

2019-08-29
Instantly and effectively broke my test site and prevented me from logging in once the site was back up. Absolute rubbish. Glad I tested it on our dev site rather than a client site.
2018-06-09 1 reply
This is really one of most interesting two factors plugin for Wordpress. Unfotunally, it says that my admin account is not protected and say to look at my profile to activate it. In the users view, there is a Rublon icon that say my account is protected. WTF ? There is no any options in the user profile page…
2017-02-20 1 reply
In the last two months I’ve been locked out from 3 or 4 of my websites by Rublon. I was using my usual laptop which worried me. Changed no settings, didn’t update anything major. Let me down one too many times and now looking for alternatives. DON”T USE THIS SOFTWARE.
2016-12-04
We have been using Rublon for about a year now. While it seems to work when it is turned on, there are definitely issues. Example: it is not set up to work with WPMU DEV support access. So every time we open the backdoor to allow support access, we have to deactivate Rublon. When we reactivate it a day or two later, we get an error message that says “Warning! Your account’s protection is disabled. Ask yor [sic] Administrator for more information.” So we send an email to support. The error message disappears a day or two after that with no explanation from Rublon support. This also happens whenever we have to deactivate plugins (including Rublon) to test for conflicts — which happens every few weeks. While we like the concept of two-factor authentication, we are still wondering if Rublon is the best tool to use for that purpose.
2016-09-03
Plugin ok, BUT you need to pay if you want more than 1 login.. Also, the first screen still shows wp login form for everyone…then the 2 factor after that still giving people a chance to attempt login..
Read all 89 reviews

Contributors & Developers

“Rublon Multi-Factor Authentication (MFA)” is open source software. The following people have contributed to this plugin.

Contributors

“Rublon Multi-Factor Authentication (MFA)” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Rublon Multi-Factor Authentication (MFA)” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

4.4.5

  • Updated tags and license

4.4.4

  • Improved cookie saving mechanism

4.4.3

  • Updated SDK

4.4.2

  • Updated icons

4.4.1

  • Updated the menu icon

4.4.0

  • Removed unnecessary API calls
  • Added checkApplication endpoint for plugin validation and improved version compatibility.
  • Updated Rublon SDK
  • Obfuscated the Secret Key on the plugin’s settings page
  • Improved validation of Rublon API credentials
  • Added an API URL field on the plugin’s settings page
  • Improved labels and icons

4.3.2

  • Added support for Theme My Login plugin

4.3.1

  • Fixed issues with PHP 8

4.3

  • Updated Rublon SDK

4.2.2

  • Fixed disappearing settings after plugin update

4.2.1

  • Fixed the lib directory path

4.2.0

  • Improved the process of adding WordPress users to the Rublon Admin Console

4.0.0

  • Rublon Core Systems update
  • New plugin activation process

3.2.12

  • Added message regarding upcoming changes in Rublon plugin and Rublon API service

3.2.11

  • Fixed authentication process for multisite configuration

3.2.10

  • Fixed the return URL which is sent during the authentication process on multisite installation

3.2.9

  • Removed deprecated method
  • Rublon core libraries update

3.2.8

  • Added compatibility with Peter’s Login Redirect plugin
  • Fixed issue with missing method wp_destroy_current_session for WordPress version < 4.0
  • Added monochromatic Rublon icon

3.2.7

  • Improved error handling
  • Rublon core libraries update

3.2.6

  • Optimized temporary data cleaning
  • Rublon core libraries update

3.2.5

  • Fixed issues with coexistence with a membership plugin
  • Rublon core libraries update

3.2.4

  • Fixed disabling/enabling XML-RPC which caused problems with using WordPress mobile app
  • Rublon Badge updated
  • Plugin name changed to “Rublon Two-Factor Authentication”
  • Rublon core libraries update

3.2.3

  • Translations updated
  • Rublon core libraries update