Enhancing WordPress Security with a Smartphone

Category: Advanced

The internet is filled with a lot of posts on WordPress security and most of them pertain to securing your server, including changing .htaccess files and limiting logins, so that it becomes difficult for an outside entity to gain access to your WordPress site. In this post, however, I am going to talk about beefing up security in a different way.

With the emergence of smartphones, their impact on our life can’t be overlooked. This post explores the possibility of securing your WordPress site by using your smartphone. Unlike other WordPress plugins, the processes require you to keep something installed on your phone too, so make sure you have internet connectivity on your phone too.

Google Authenticator:

If you want to tap the full potential of your Android device, what could be better than using Google’s own service, Google Authenticator. Head over to the plugin’s page and install the plugin. On installation and activation, this plugin adds a third field to your login form, the Google Authenticator code, in addition to your username and password.

To get the Authenticator Code, you need to install the Google Authenticator app on your Android device. Once the app is installed, it can generate codes to enable you to login to your site. In case you do not have an Android device, you can still use this plugin, but you would need to be able to receive text messages. On the other hand, for an Android, the codes are generated through the app.

This provides a two way authentication system, much like in the case of signing in to Google. A two way authentication is important because you need to have the phone as well know your password to get access to your account and it makes the process very secure.

In case you have trouble with the application for your smartphone, you can consult Google’s official documentation on the app and how to get it working on different smartphones.


If you are tired of logging into your account using the traditional way of supplying a username and a password, then Clef is the service that you should use.

Clef removes the login form altogether and provides you with a kind of a wave, which resembles musical notes. All you need to do is to scan it with your smartphone to get access. It works similar to a QR code. Naturally, you need to install the Clef app on your smartphone too. Their service is not just for Android users.

Clef gives you an alternate way of authentication, and you can use it side by side with your traditional login. In case you lose your phone and as a result, you are locked out of your site, there are provisions too. You can check their lost page, provide a PIN and they would deactivate the service remotely.

In case you are still confused as to how Clef works, you can head over to the wonderful tutorial on their site.

Although this app looks really aesthetic and some might perceive it as ‘cool’, a downside of using this plugin is that it’s not always practical to scan the screen, and it might just be easier to use a generated PIN through Google Authenticator.


The idea behind Rublon is also a two way authentication system, but with a small difference. You need to scan a QR code through your smartphone and login. You can mark a device as trusted, which makes future logins hassle free. Head over to the plugin’s page on the WordPress site to download and install it for your system.

A QR code is generated once you try to login. You need to scan it with your smartphone, which has the Rublon app installed. You then need to visit their page to download the app for your supported smartphone. Currently, iOS, Android, Windows and BlackBerry are supported.

You are logged in once the QR code is scanned and verified. If you label the device as trusted, it doesn’t require further checks. This ensures that even if someone knows your password, there is no way they can gain access to your site!

We hope that this post helped you learn about a few ways to make your site safer. Even though you can make your site secure by adding two way authentication systems, make sure you know the process of recovery if your phone is stolen or lost, and if you get locked out of your site.

Author Bio

Shaumik Daityari

Shaumik is an optimist, but one who carries an umbrella. An undergrad at IIT Roorkee, he loves writing, when he's not busy creating some awesome stuff. Find him on and Twitter.

Leave a reply

Appointment Booking Plugin for Wordpress