WordPress.org

Ready to get started?Download WordPress

Plugin Directory

Clef

The easiest and most secure way to log in to WordPress: no passwords, no temporary codes, single sign-on/off.

How secure is Clef?

Very. Clef leverages the computational power of your smartphone and the proven strengths of distributed, asymmetric cryptography and multi-factor authentication to provide secure WordPress logins in a beautifully simple and easy-to-use package.

Clef protects WordPress not only from insecure passwords but also from malicious forgotten password resets and bruteforce attacks.

How secure is my data on Clef's servers?

Clef's architecture is fully distributed so it stores no user credentials on its servers. When you use the Clef App, you create a profile and a private encryption key that never leave your phone. The Clef App uses that data to generate a unique, encrypted, digital signature every time you log in. Since all of your personal info stays on your phone, nothing in the Clef database can compromise your identity even in the unlikely event that the server is hacked.

What if I lose my phone?

Simply visit Clef's "lost phone" page to deactivate your phone. Once you've deactivated, you can reactivate on a new device and all of your accounts will transfer over.

How much does Clef cost?

Clef is and will always be 100% free.

Can existing users on my WordPress site sign in with Clef?

As long as your users register on their Clef Apps using the same email address as their WordPress accounts, they can start using Clef instantly. Also, once Clef for WordPress is activated on your site, your existing WordPress users can link their accounts to Clef via the Profile page in WordPress.

What if I have some users who do not have smartphones?

Clef can protect WordPress in hybrid mode (passwords allowed) or full Clef mode (no passwords). If you want to enjoy the protection of full Clef mode but still need to allow passwords for users who do not have smartphones, then on the Clef Settings page you can create a secure override key that enables password logins at a secret URL.

Requires: 3.5 or higher
Compatible up to: 3.9.1
Last Updated: 2014-5-26
Downloads: 50,055

Ratings

5 stars
5 out of 5 stars

Support

5 of 6 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

2 people say it works.
0 people say it's broken.

100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1
100,1,1 100,2,2
100,1,1
100,2,2 100,3,3
100,2,2