WP-Safety

Rublon Multi-Factor Authentication (MFA) Security & Risk Analysis

wordpress.org/plugins/rublon

Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn/U2F Security Keys, and more.

500 active installs v4.4.5 PHP 5.5.1+ WP 5.0+ Updated Dec 4, 2025
2famfamulti-factor-authenticationsecuritytwo-factor-authentication
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Rublon Multi-Factor Authentication (MFA) Safe to Use in 2026?

Generally Safe

Score 100/100

Rublon Multi-Factor Authentication (MFA) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The Rublon plugin v4.4.5 presents a mixed security posture. On the positive side, the plugin has no known historical vulnerabilities (CVEs) and demonstrates a good effort in securing its code, with 73% of SQL queries using prepared statements and a reasonable number of capability checks. However, the static analysis reveals a significant concern: one unprotected AJAX handler represents a direct entry point for potential attackers. Furthermore, the presence of the `unserialize` function, especially without context of its usage and sanitization, raises a red flag, as it can lead to object injection vulnerabilities if not handled with extreme care. The low percentage of properly escaped output (10%) is also a concern, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without proper encoding.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function unserialize used
  • Low percentage of properly escaped output
Vulnerabilities
None known

Rublon Multi-Factor Authentication (MFA) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Rublon Multi-Factor Authentication (MFA) Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
11 prepared
Unescaped Output
80
9 escaped
Nonce Checks
3
Capability Checks
8
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$tmp = unserialize(serialize($var));includes\rublon2factor_helper.php:3570

SQL Query Safety

73% prepared15 total queries

Output Escaping

10% escaped89 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
<rublon2factor_helper> (includes\rublon2factor_helper.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Rublon Multi-Factor Authentication (MFA) Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_hide_business_edition_upgrade_boxincludes\rublon2factor_hooks.php:437
WordPress Hooks 48
actionadmin_print_footer_scriptsincludes\Libs\Classes\class-rublon-pointers.php:32
actionplugins_loadedincludes\Libs\Classes\Confirmations\RublonConfirmations.php:10
actionadmin_noticesincludes\Libs\Classes\Confirmations\RublonConfirmations.php:11
actionplugins_loadedincludes\Libs\Classes\RublonFlashMessage.php:57
actionwp_footerincludes\Libs\RublonImplemented\Rublon2FactorGUIWordPress.php:27
actionadmin_footerincludes\Libs\RublonImplemented\Rublon2FactorGUIWordPress.php:28
actionadmin_print_stylesincludes\rublon2factor_admin.php:73
actionadmin_menuincludes\rublon2factor_admin.php:104
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:120
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:148
actionadmin_enqueue_scriptsincludes\rublon2factor_admin.php:151
actionadmin_initincludes\rublon2factor_admin.php:158
actionadmin_noticesincludes\rublon2factor_admin.php:673
actionadmin_noticesincludes\rublon2factor_admin.php:693
filtermanage_users_custom_columnincludes\rublon2factor_admin.php:723
actionwp_before_admin_bar_renderincludes\rublon2factor_admin.php:778
actionlogin_enqueue_scriptsincludes\rublon2factor_admin.php:807
actionlogin_enqueue_scriptsincludes\rublon2factor_admin.php:816
actionlogin_footerincludes\rublon2factor_admin.php:889
actioninitincludes\rublon2factor_helper.php:198
filterxmlrpc_enabledincludes\rublon2factor_helper.php:622
filterheartbeat_settingsincludes\rublon2factor_helper.php:654
actionadmin_enqueue_scriptsincludes\rublon2factor_helper.php:660
actionwp_enqueue_scriptsincludes\rublon2factor_helper.php:662
filterauth_cookieincludes\rublon2factor_helper.php:2386
filterlogin_messageincludes\rublon2factor_hooks.php:41
filterwp_redirectincludes\rublon2factor_hooks.php:58
filterlogin_redirectincludes\rublon2factor_hooks.php:78
actionactivated_pluginincludes\rublon2factor_hooks.php:93
filterauthenticateincludes\rublon2factor_hooks.php:166
actioninitincludes\rublon2factor_hooks.php:184
actionlogin_initincludes\rublon2factor_hooks.php:193
actionset_auth_cookieincludes\rublon2factor_hooks.php:242
actionwp_logoutincludes\rublon2factor_hooks.php:257
actionwp_loginincludes\rublon2factor_hooks.php:293
filterpre_update_option_rublon2factor_settingsincludes\rublon2factor_hooks.php:346
actionuser_new_formincludes\rublon2factor_hooks.php:375
actionwp_loadedincludes\rublon2factor_hooks.php:392
actionadmin_noticesincludes\rublon2factor_hooks.php:424
actiontml_registered_formincludes\rublon2factor_hooks.php:444
actionrublon_admin_initincludes\rublon2factor_multisite_helper.php:33
filterrublon_get_settingsincludes\rublon2factor_multisite_helper.php:36
actionrublon_pre_authenticateincludes\rublon2factor_multisite_helper.php:40
actionrublon_site_registrationincludes\rublon2factor_multisite_helper.php:41
actionrublon_save_settingsincludes\rublon2factor_multisite_helper.php:44
actionrublon_plugin_pre_initincludes\rublon2factor_multisite_helper.php:330
filterplugin_action_linksrublon2factor.php:42
actionplugins_loadedrublon2factor.php:91
Maintenance & Trust

Rublon Multi-Factor Authentication (MFA) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version5.5.1
Downloads116K

Community Trust

Rating84/100
Number of ratings88
Active installs500
Alternatives

Rublon Multi-Factor Authentication (MFA) Alternatives

Two Factor

Two Factor

two-factor

A
100

Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.

100K No CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
PassClip Auth for WordPress

PassClip Auth for WordPress

passclip-auth-for-wordpress

A
85

"PassClip Auth" provides strong and easy authentication. "PassClip Auth for WordPress" is the plugin to launch PassClip Auth to Wo &hellip;

10 No CVEs
SnapID Two-Factor Authentication

SnapID Two-Factor Authentication

snapid-two-factor-authentication

A
85

Make usernames and passwords obsolete. SnapID identifies and authenticates when you send a text message. Completely secure, incredibly convenient.

10 No CVEs
Tiny 2FA + Brute Force Protection

Tiny 2FA + Brute Force Protection

tiny-2fa

A
100

A simple two-factor authentication plugin that just works.

10 No CVEs
Developer Profile

Rublon Multi-Factor Authentication (MFA) Developer Profile

Rublon

1 plugin · 500 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rublon Multi-Factor Authentication (MFA)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rublon/assets/images/rublon_visual.gif
Version Parameters
rublon/style.css?ver=rublon/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
rublon-apireg-half-columnrublon-apireg-descriptionrublon-apireg-fieldsetrublon-apireg-visualrublon-imagerublon-apireg-pointer
Data Attributes
data-rublon-apireg-dismiss-urldata-rublon-apireg-answer-url
JS Globals
RublonWPrublon_pointer_optionsrublon_apireg_pointer_options
FAQ

Frequently Asked Questions about Rublon Multi-Factor Authentication (MFA)