Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

Rublon Two-Factor Authentication

Instant account security with effortless, email-based two-factor authentication; optional mobile app for more security; no tokens.

The Best Two-Factor Authentication for WordPress

  • Instantly increase security for you (Personal Edition) and all users (Business Edition)*
  • 1-click download; 1-click activation
  • No configuration or training needed

The Most Advanced and Intuitive Two-Factor Authentication

10 Reasons Rublon Rocks:

Recommended by Security Experts and Industry Professionals

"Impressed" — Tony Perez, Sucuri
"A must for any WordPress install" — Christian Elsen, VMware
"The easiest and most secure 2-factor auth" — Max Monty
"Absolutely essential for all WordPress installs" — Chuck Lasker
"A little marvel of a plugin and authentication system" — Álvaro Degives Más
"The best 2-factor authentication solution for WordPress" — rain3r.walt3r
"Two-factor authentication for our thousands of customers" — Steve Truman, a3rev
Read more

Why Do I Need Two-Factor Authentication?

Botnets carry out brute force attacks against thousands of WordPress sites and blogs every day, regardless of size. Once inside, botnets infect your visitors with malware. A compromised website leads to delisting by search engines or blocking by your hosting provider. Rublon Account Security prevents such attacks.

Why are Passwords Not Enough?

Many people use a simple, easy-to-guess password. It can be easily stolen when they use multiple devices; the same password across multiple services; or on unsecured connections, such as public Wi-Fi networks. Botnets hammer at your WordPress site trying to compromise it using millions of common passwords and character combinations.

How Does Rublon Work?

During the first login, confirm your identity by clicking on the link you’ll receive via email. Your next login from the same device will only require your WordPress password. For additional security, the Rublon mobile app scans a Rublon Code to confirm your identity.

Why Should I Use Rublon?

Rublon is simple and easy. Activate the plugin and you're done. Your users don't need to install or configure anything and don’t need training or one-time codes. Once they confirm their identity on a device, they can log in to all web services by only entering their WordPress password.

How is Rublon Different?

Traditional two-factor authentication solutions demand users enter a one-time password each time they want to login. That’s why people don’t like them. Rublon is different. With Rublon, you confirm your identity by simply clicking on a link or scanning a Rublon Code.

*What Does Rublon Cost?

By default, the Rublon for WordPress plugin makes use of the free Rublon Personal API that protects up to 1 account per website. In order to protect more accounts or use business features, you need access to the paid Rublon Business API. Please contact for more information.

In What Languages Is Rublon Available?

  • English
  • German
  • Japanese (translated by Digital Cube)
  • Turkish (translated by Mehmet Emre Baş, proofread by Tarık Çayır)
  • Polish

Follow Us

Facebook | Google+ | LinkedIn | Twitter | YouTube

Author Rublon
Contributors rublon
Tags 2 factor authentication, 2 step authentication, 2-Factor, 2-step verification, 2FA, admin, authentication, cell phone, dwuskładnikowe logowanie, dwuskładnikowe uwierzytelnianie, javascript, login, login approval, login protection, login verification, logowanie, mfa, mobile, mobile phone, multi factor authentication, password, plugin, qr code, security, smartphone, two step authentication, two-factor, two-factor authentication, two-factor verification, two-step verification, uwierzytelnianie, wordpress security, Zwei-Faktor-Authentifizierung
  1. rublon screenshot 1

    Rublon Two-Factor Authentication Badge displayed on wp-login.php

  2. rublon screenshot 2

    Identity confirmation via email

  3. rublon screenshot 3

    Identity confirmation via Mobile App

  4. rublon screenshot 4

    Decide whether this is your trusted device or not

  5. rublon screenshot 5

    Logging in after successful identity confirmation

  6. rublon screenshot 6

    Authenticating user on a trusted device

  7. rublon screenshot 7

    Manage your trusted devices directly from your Dashboard

  8. rublon screenshot 8

    Manage your trusted devices from a dedicated section under the Rublon menu

  1. Log in to your WordPress administration panel using an administrator account.
  2. Go to "Plugins" -> "Add New" and search for "Rublon" using the plugins search box.
  3. Click the "Install Now" button inside the Rublon plugin box in the search results and confirm the installation.
  4. Click on "Activate Plugin".
  5. During your next login, confirm your identity via an email link Rublon sends you.
  6. Optional: For more security and control, install the Rublon mobile app onto your phone (available for Android, iOS and Windows Phone).

Server requirements

  • PHP version 5.2.4 or greater
  • cURL PHP extension enabled


  • Removed deprecated method
  • Rublon core libraries update


  • Added compatibility with Peter's Login Redirect plugin
  • Fixed issue with missing method wp_destroy_current_session for WordPress version < 4.0
  • Added monochromatic Rublon icon


  • Improved error handling
  • Rublon core libraries update


  • Optimized temporary data cleaning
  • Rublon core libraries update


  • Fixed issues with coexistence with a membership plugin
  • Rublon core libraries update


  • Fixed disabling/enabling XML-RPC which caused problems with using WordPress mobile app
  • Rublon Badge updated
  • Plugin name changed to "Rublon Two-Factor Authentication"
  • Rublon core libraries update


  • Translations updated
  • Rublon core libraries update


  • Added ability to hide the upgrade message box
  • Rublon core libraries update


  • Added Japanese language support (translated by Digital Cube)
  • Fixed bug with opening popup during deleting posts permanently from the trash
  • Rublon core libraries update


  • Added link to Rublon Business API upgrade
  • Rublon core libraries update


  • Minor text changes
  • Rublon core libraries update


  • Introduction of Personal Edition
  • Rublon core libraries update


  • Further improvements of error handling
  • Improved CSS loading
  • Rublon core libraries update


  • Improved error handling
  • Rublon core libraries update


  • Improved compatibility with popular security plugin
  • Rublon core libraries update


  • Added new Rublon Badge beneath the login form on wp-login.php
  • Rublon core libraries update


  • Added possibility to disable Adam on the login page
  • Updated translations
  • Rublon core libraries update


  • Added compatibility with WordPress version 3.5.x


  • Fix for the version 3.0.0 (loop problem)


  • Core changes regarding Rublon Business Edition
  • Information about Business Edition added on the Rublon settings page
  • Adam talks about WordPress, Rublon and security beneath the login form on wp-login.php


  • Improved WordPress menubar handling on front-end


  • Improved WordPress menubar handling
  • Minor text improvements


  • Plugin name changed to "Rublon Account Security"
  • Improved compatibility with some popular caching plugins
  • A warning message about possibly missing PHP components added
  • The user is now asked to permit the plugin to send anonymous stats
  • The user may now subscribe to the Rublon Newsletter
  • Links to Rublon social media added on the plugin's settings page
  • Rublon Badge updated


  • Improved registration with the Rublon API
  • Real-Time Remote Logout now does not impair page load times (activated by default again)
  • Minimum PHP version lowered to 5.2.4


  • Improved compatibility with some front-end plugins
  • Improved compatibility with some PHP server configurations
  • Updated Turkish translation


  • Rublon API Terms of Service agreement necessary during installation
  • Turkish language support added (translated by Mehmet Emre Baş, proofread by Tarık Çayır)
  • Real-Time Remote Logout disabled by default
  • Minor text improvements


  • Increased timeout for requests to authentication servers


  • Plugin name changed for accuracy


  • Improved Trusted Device handling
  • Plugin developers: added custom filter for page redirection upon successful Rublon authentication (rublon_return_url)
  • Minor text improvements


  • Improved handling of sign-ins over SSL


  • Improved loading times
  • Core optimization


  • Improved error handling
  • Minor text improvements


  • Possibility to disable Real-Time Remote Logout, which caused some Firefox users to experience slower page load times


  • Additional security for the first authentication factor
  • Improved database garbage collecting
  • Minor text improvements


  • Improved compatibility with some third-party plugins
  • Improved positioning of Rublon Badge
  • Minor text improvements


  • Improved compatibility with some non-standard PHP server configurations


  • Logout remotely from WordPress by removing a trusted device
  • Improved memory management
  • Improved handling of WordPress AJAX requests
  • Improved positioning of Rublon Badge
  • Minor text improvements


  • Minor text improvements


  • Added compatibility with some cloud-based solutions
  • Additional handling for connection problems


  • Trusted Device Manager accessible from Dashboard and Rublon submenu
  • Improved compatibility with other plugins
  • Prevention of use on unsupported PHP versions
  • Minor text improvements


  • Multisite support added
  • Default Protection Level downgrade now needs to be confirmed via Rublon
  • Trusted Devices can be managed through the WordPress Administration Dashboard
  • Updated visuals for display on iOS Retina devices


  • Improved compatibility with PHP version 5.2.17 and higher
  • Minor text changes


  • Email-based two-step login for all users turned on by default (no mobile app required)
  • Changing your email address or password requires your confirmation (via email or mobile app)
  • Trusted devices now manageable via Rublon settings page
  • Administrators can enforce a default protection type (email or mobile app) for specific user roles
  • Automated plugin configuration — just activate the plugin to turn on the protection


  • Minor text changes


  • Added right-to-left text orientation support


  • Additional information about missing PHP libraries




  • Added compatibility for admin dashboards working over SSL (thanks to Robert Abela from for reporting it)
  • Internal Rublon libraries updated


  • Visual components updated for compatibility with WordPress 3.8
  • Internal Rublon libraries updated


  • XML-RPC API disabled by default with the option to enable it back on the plugin's settings page
  • Rublon internal libraries updated


  • Rublon can now also serve as an additional factor for any other authentication method, e.g. social login through Facebook
  • Core Rublon libraries updated


  • German language support added
  • Improved compatibility with a few unusual server configuration types
  • Added compatibility with some maintenance mode plugins
  • Added compatibility with the Better WP Security plugin


  • Simplified setup process - protect your account right away after activating the plugin
  • An administrator needs to protect his account with Rublon before any other user will be able to do it
  • Rublon Seal shows up on sign-in page
  • Rublon now has an own section inside the main menu of the administration panel
  • If your account is protected, the Rublon icon shows up at the top right corner of any page in the administration panel
  • Users unfamiliar with Rublon are now being informed that they need the Rublon mobile app
  • Visual improvements


  • Rublon settings page moved from the "Settings" to "Plugins" section of the administration area
  • Rublon icon added to the Rublon settings page
  • Outdated versions of the plugin will not be able to activate the Rublon service anymore


  • Warning message about improper PHP version on PHP versions between 5.2.17 and 5.3.2 no longer displayed
  • Code updated to WordPress coding standards, thanks to Alex King from


  • Fixed error when setting CAcert path in cURL in PHP 5.2.17
  • Confirmed compatibility with PHP version 5.2.17


  • Improved error handling
  • Minor text and translation changes


  • Improved error handling


  • User accounts protected by Rublon are marked with a Rublon icon on the user list in the Administration Panel
  • The process of securing a user's account with Rublon has been technically improved
  • Advanced error handling during plugin activation


  • Minor text and translation changes


  • Administrator's account is automatically protected by Rublon upon plugin activation
  • Administrators can now disable other users' two-factor authentication


  • Minor text and translation updates


  • Error handling and data verification in the admin settings


  • Rublon library update


  • Updated texts and translations


  • Rublon for WordPress: Automatic Two-Factor Authentication

How can I protect my account with Rublon?

Simply install the Rublon for WordPress plugin and activate it. After activation, your administrator account will be instantly protected with email-based two-factor authentication. In order to protect more accounts, please upgrade to the Business Edition by contacting

I want more than email-based, two-factor authentication. Does Rublon support phone-based, out-of-band two-factor authentication?

Yes! Just install the Rublon mobile app onto your phone (available for Android, iOS and Windows Phone). After entering your WordPress login credentials, you will be prompted to scan a Rublon Code with your phone.

Do all my users have to be protected by Rublon?

Plugin activation instantly protects your administrator account. The minimum (default) protection level for all user groups is set to "Email". You may change this setting to "None" for any user group at any time. However, users who install the Rublon mobile app will have additional protection regardless of the setting you’ve selected. Please keep in mind that you need access to the Rublon Business Edition in order to protect more than 1 account per website.

Will my login credentials be known to Rublon?

No. Rublon never knows your credentials or those of your users. They are never transmitted to our servers. Rublon does its work in the background only after WordPress verifies your password. It's an independent security layer that sits beneath the login form.

How secure is my data on Rublon's servers?

For accounts protected via email, the email address is transmitted to Rublon servers during each login but instantly removed after Rublon sends the email with your personal confirmation link. No personal data of such accounts is ever stored on Rublon servers. For accounts protected via mobile app, only the Rublon User ID is transmitted to Rublon servers during login. Registered users of the Rublon mobile app are governed by its terms of service.

Why is using the Rublon mobile app more secure than email-based authentication?

The Rublon mobile app holds your digital identity with your private encryption key, which never leaves your phone. With any action requiring the mobile app, such as confirming your identity, the Rublon app generates an unique encrypted digital signature. Gaining access to an email account without two-factor authentication is easier than stealing your private key from your phone and reusing it.

What if I use the Rublon mobile app and I lose my phone?

Simply deactivate your phone on Once deactivated, recover your account by installing the Rublon mobile app on a new phone.

How much does Rublon cost?

Rublon for WordPress gives you access to the free Rublon Personal Edition, which lets you protect up to 1 account. For more accounts and features, please upgrade to the Rublon Business Edition by contacting

Version 3.2.9

Requires WordPress version: 3.5.x or higher

Compatible up to: 4.5.6

Last Updated 02 Nov 2016

Date Added: 02 Aug 2013

Plugin Homepage


4.3 stars
87 ratings


Not Enough Data

Works: 0
Broken: 0