Rublon Multi-Factor Authentication (MFA) Security & Risk Analysis

wordpress.org/plugins/rublon

Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn/U2F Security Keys, and more.

500 active installs v4.4.5 PHP 5.5.1+ WP 5.0+ Updated Dec 4, 2025
2famfamulti-factor-authenticationsecuritytwo-factor-authentication
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Rublon Multi-Factor Authentication (MFA) Safe to Use in 2026?

Generally Safe

Score 100/100

Rublon Multi-Factor Authentication (MFA) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The Rublon plugin v4.4.5 presents a mixed security posture. On the positive side, the plugin has no known historical vulnerabilities (CVEs) and demonstrates a good effort in securing its code, with 73% of SQL queries using prepared statements and a reasonable number of capability checks. However, the static analysis reveals a significant concern: one unprotected AJAX handler represents a direct entry point for potential attackers. Furthermore, the presence of the `unserialize` function, especially without context of its usage and sanitization, raises a red flag, as it can lead to object injection vulnerabilities if not handled with extreme care. The low percentage of properly escaped output (10%) is also a concern, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without proper encoding.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function unserialize used
  • Low percentage of properly escaped output
Vulnerabilities
None known

Rublon Multi-Factor Authentication (MFA) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Rublon Multi-Factor Authentication (MFA) Release Timeline

v4.4.5Current
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.2
v4.3.1
v4.3
v4.2.2
v4.2.1
v4.2.0
v4.0
v3.2.12
v3.2.11
v3.2.10
v3.2.9
v3.2.8
v3.2.7
v3.2.6
Code Analysis
Analyzed Mar 16, 2026

Rublon Multi-Factor Authentication (MFA) Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
11 prepared
Unescaped Output
80
9 escaped
Nonce Checks
3
Capability Checks
8
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$tmp = unserialize(serialize($var));includes\rublon2factor_helper.php:3570

SQL Query Safety

73% prepared15 total queries

Output Escaping

10% escaped89 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
<rublon2factor_helper> (includes\rublon2factor_helper.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Rublon Multi-Factor Authentication (MFA) Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_hide_business_edition_upgrade_boxincludes\rublon2factor_hooks.php:437
WordPress Hooks 48
actionadmin_print_footer_scriptsincludes\Libs\Classes\class-rublon-pointers.php:32
actionplugins_loadedincludes\Libs\Classes\Confirmations\RublonConfirmations.php:10
actionadmin_noticesincludes\Libs\Classes\Confirmations\RublonConfirmations.php:11
actionplugins_loadedincludes\Libs\Classes\RublonFlashMessage.php:57
actionwp_footerincludes\Libs\RublonImplemented\Rublon2FactorGUIWordPress.php:27
actionadmin_footerincludes\Libs\RublonImplemented\Rublon2FactorGUIWordPress.php:28
actionadmin_print_stylesincludes\rublon2factor_admin.php:73
actionadmin_menuincludes\rublon2factor_admin.php:104
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:120
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:148
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:151
actionadmin_initincludes\rublon2factor_admin.php:158
actionadmin_noticesincludes\rublon2factor_admin.php:673
actionadmin_noticesincludes\rublon2factor_admin.php:693
filtermanage_users_custom_columnincludes\rublon2factor_admin.php:723
actionwp_before_admin_bar_renderincludes\rublon2factor_admin.php:778
actionlogin_enqueue_scriptsincludes\rublon2factor_admin.php:807
actionlogin_enqueue_scriptsincludes\rublon2factor_admin.php:816
actionlogin_footerincludes\rublon2factor_admin.php:889
actioninitincludes\rublon2factor_helper.php:198
filterxmlrpc_enabledincludes\rublon2factor_helper.php:622
filterheartbeat_settingsincludes\rublon2factor_helper.php:654
actionadmin_enqueue_scriptsincludes\rublon2factor_helper.php:660
actionwp_enqueue_scriptsincludes\rublon2factor_helper.php:662
filterauth_cookieincludes\rublon2factor_helper.php:2386
filterlogin_messageincludes\rublon2factor_hooks.php:41
filterwp_redirectincludes\rublon2factor_hooks.php:58
filterlogin_redirectincludes\rublon2factor_hooks.php:78
actionactivated_pluginincludes\rublon2factor_hooks.php:93
filterauthenticateincludes\rublon2factor_hooks.php:166
actioninitincludes\rublon2factor_hooks.php:184
actionlogin_initincludes\rublon2factor_hooks.php:193
actionset_auth_cookieincludes\rublon2factor_hooks.php:242
actionwp_logoutincludes\rublon2factor_hooks.php:257
actionwp_loginincludes\rublon2factor_hooks.php:293
filterpre_update_option_rublon2factor_settingsincludes\rublon2factor_hooks.php:346
actionuser_new_formincludes\rublon2factor_hooks.php:375
actionwp_loadedincludes\rublon2factor_hooks.php:392
actionadmin_noticesincludes\rublon2factor_hooks.php:424
actiontml_registered_formincludes\rublon2factor_hooks.php:444
actionrublon_admin_initincludes\rublon2factor_multisite_helper.php:33
filterrublon_get_settingsincludes\rublon2factor_multisite_helper.php:36
actionrublon_pre_authenticateincludes\rublon2factor_multisite_helper.php:40
actionrublon_site_registrationincludes\rublon2factor_multisite_helper.php:41
actionrublon_save_settingsincludes\rublon2factor_multisite_helper.php:44
actionrublon_plugin_pre_initincludes\rublon2factor_multisite_helper.php:330
filterplugin_action_linksrublon2factor.php:42
actionplugins_loadedrublon2factor.php:91
Maintenance & Trust

Rublon Multi-Factor Authentication (MFA) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version5.5.1
Downloads116K

Community Trust

Rating84/100
Number of ratings88
Active installs500
Developer Profile

Rublon Multi-Factor Authentication (MFA) Developer Profile

Rublon

1 plugin · 500 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rublon Multi-Factor Authentication (MFA)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rublon/assets/images/rublon_visual.gif
Version Parameters
rublon/style.css?ver=rublon/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
rublon-apireg-half-columnrublon-apireg-descriptionrublon-apireg-fieldsetrublon-apireg-visualrublon-imagerublon-apireg-pointer
Data Attributes
data-rublon-apireg-dismiss-urldata-rublon-apireg-answer-url
JS Globals
RublonWPrublon_pointer_optionsrublon_apireg_pointer_options
FAQ

Frequently Asked Questions about Rublon Multi-Factor Authentication (MFA)