Plugin Directory

Test out the new Plugin Directory and let us know what you think.

Clef Two-Factor Authentication

Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical login experience.


Released 23 August 2016

  • Feature: add Clef column to Users: All Users view to demarcate which WP users have enabled Clef (257)


Released 11 July 2016

  • Feature: add support for Varnish full-page caching on front end via new shortcode setting (255)
  • Enhancement: add httponly and secure flags to session and state cookies (254)


Released 20 June 2016

  • Fix: WP cron scheduler adding excess session garbage collection events (253)


Released 16 June 2016

  • Fix: minor update to Heartbeat API files whitelist on WP Engine servers (252)


Released 6 June 2016

  • Feature: automatic setup for WP Engine servers; manual workarounds no longer required, should be removed (248)
  • Fix: minor PHP 7 syntax issue (246)
  • Enhancement: updated FAQ and installation instructions (251)


Released 17 May 2016

  • Fix: remove PHP namespacing dependency to support servers running PHP < 5.3 (245)


Released 16 May 2016

  • Fix: crashing issue on activation for certain hosting configurations


Released 5 May 2016

  • Feature: added support for Pantheon's platform
  • Fix: "Settings could not be parsed" error on configuration page
  • Fix: reduced "state parameter" errors for hosts with Varnish caching


Released 10 March 2016

  • Fix: settings were unable to save on certain hosting configurations


Released 16 February 2016

  • Enhancement: better onboarding experience
  • Enhancement: per-user and bulk user invites to use Clef
  • Enhancement: less CSS loaded by default, including 0 on all non-admin pages
  • Enhancement: dashboard widget to help new users get setup
  • Enhancement: easily reset your Clef settings
  • Fix: reduced frequency of "invalid state" errors


Released 27 January 2016

  • Enhancement: updates support path


Released 21 December 2015

  • Fix: update issue


Released 21 December 2015

  • Fix: stop making unnecessary request to Clef API when site is not configured
  • Enhancement: remove Waltz upsell


Released 6 October 2015

  • Fix: accommodate new password reset action introduced in WP 4.3
  • Feature: automatically send override link to site administrator
  • Enhancement: update Clef logo and README
  • Enhancement: upon activation redirect to default plugins page if Clef is already configured


Released 18 June 2015

  • Feature: updates translations for all languages

Released 11 May 2015

  • Fix: login issue with websites that had certain caching configurations

Released 27 April 2015

  • Fix: login issue with websites that had custom login pages

Released 23 April 2015

  • Fix: login issue with websites that did not do output buffering
  • Fix: silenced messages for resetting password

Released 22 April 2015

  • Fix: removes legacy other plugins install page
  • Fix: uses state parameter on Clef button

Released 17 December 2014

  • Enhancement: disable passwords by default for Clef users
  • Fix: re-add ability to disable registration with Clef


Released 20 November 2014

  • Enhancement: add learn more links to settings pages
  • Enhancement: update README
  • Fix: remove duplicate setting for managing ability to register with Clef
  • Fix: change WordPress badge language


Released 3 November 2014

  • Fix: bug where obfuscating login page URL causes rendering issues


Released 2 November 2014

  • Fix: bug where registration and lost password pages do not render correctly
  • Fix: bug where login button shortcode renders out of order
  • Fix: bug where invalid logout hook caused PHP error
  • Fix: bug where other login page plugins rendered on top of embedded wave


Released 29 September 2014

  • Feature: allow administrators to disable passwords for custom roles
  • Fix: setup tutorial now works in IE9
  • Fix: password login error message displays correctly with Clef login embed


Released 4 September 2014

  • Feature: adds more translations!
  • Fix: issue where embedded login was hidden then shown
  • Fix: conflict with Polylang plugin where settings would not save
  • Fix: issue where PHP error occurred if an error occurred during user registration with Clef


Released 6 August 2014

  • Fix: store affiliates as string rather than array


Released 6 August 2014

  • Feature: adds even easier affiliates
  • Fix: plugin conflict with NextGen Gallery where login iframe does not load
  • Fix: plugin conflict with BuddyPress


Released 29 July 2014

  • Feature: adds easier affiliates
  • Fix: adds better error checking


Released 21 July 2014

  • Feature: adds shortcode to easily render login button
  • Feature: use modal to allow users to login and preserve state when they are logged out with Clef
  • Feature: menu notification when user hasn’t configured Clef
  • Feature: by default, embed the Wave in the login form rather than making users click a button
  • Bug fix: issue where if passwords were fully disabled, but Clef wasn’t configured, no login form would be shown
  • Bug fix: issue where a new session was opened for every request, not just ones where it was necessary (in admin for Clef users)
  • Bug fix: issue where users can connect the same Clef account to two WordPress accounts
  • Bug fix: issue where if the heartbeat API wasn’t available, Clef could interfere with the loading of other plugins
  • Bug fix: issue where prompt to add Clef badge was shown even if the badge was already displayed


Released 26 May 2014

  • Bug fix: fixes XMLRPC edge case with login on WordPress Mobile App


Released 22 May 2014

  • Feature: improved onboarding experience for new users
  • Bug fix: login now works with Theme My Login (github/clef/wordpress#125)
  • Bug fix: login now works with Google Captcha (github/clef/wordpress#127)
  • Bug fix: removes unnecessary CSS files on frontend


Released 17 April 2014

  • Feature: add framework for Clef affiliate referrals
  • Feature: add a shortcode for displaying the Clef settings
  • Bug fix: error where invite emails erred when there was a blank email
  • Bug fix: issue where Clef button displayed multiple times


Released 19 March 2014

  • Feature: customize the Clef login page
  • Feature: configure default site settings that will be set for all new sites


Released 12 March 2014

  • Bug fix: fixes compatibility issue with 5.2


Released 24 February 2014

  • Feature: new and improved single-page responsive settings page
  • Feature: easy user invitations
  • Feature: beautiful introduction and tutorial to Clef
  • Feature: finer grained password controls
  • Feature: restructured code base for easier integrations

Released 4 February 2014

  • Bug fix: fix override URL issue

Released 30 January 2014

  • Bug fix: fix issue where upgrades are detected incorrectly


Released 30 January 2014

  • New feature: Clef account is automatically connected when you set up a new account
  • New feature: clarifies settings language so it’s a little bit clearer
  • Bug fix: resolves issue with badge prompt displaying multiple times


Released 21 January 2014

  • New feature: automatically add a badge showing off that your login is protected by Clef
  • New feature: adds framework for adding translations to plugin
  • Various stability fixes

Released 13 January 2014

  • New feature: hides login with Clef button if Clef is not configured
  • Bug fix: fixes issue with mobile login where Clef would not work


Released 21 November 2013

  • New feature: force users with certain permissions to log in with Clef
  • New feature: adds integration with BruteProtect
  • New feature: force multisite settings on sub-site users
  • Compatibility update: supports 3.7+


Released 15 October 2013

  • New feature: adds support using Clef on multisite networks (currently only supports single-domain setups)
  • New feature: warns user if they try and disable passwords without a connected Clef account
  • New developer feature: restructures plugin to allow easier development
  • New developer feature: adds testing framework


Released 3 October 2013

  • Bug fix: fixes issue caused by Clef applications that did not request last name from users
  • Bug fix: adds state parameter to OAuth flow for connecting a Clef account to a WordPress account


Released 20 September 2013

  • New feature: require Clef authentication for all users with optional override key. When this new setting is selected, Clef for WordPress enables true password-free WordPress authentication by hiding the default login form and requiring Clef authentication for all users. If the need arises, you can set an optional override key to allow password logins at a secret URL. Secure keys can be generated automatically, or you can input your own key.
  • New feature: lost password reset protection. If you are running Clef for WordPress in hybrid mode, then lost password resets are disabled for Clef users only. If you are running in full Clef mode, then lost password resets are disabled for all users.
  • New feature: Clef for WordPress’ settings are deleted on uninstall


Released 10 September 2013

  • Updated feature: better error messages
  • Various bug fixes


Released 9 September 2013

  • New feature: connect any Clef account to any WordPress account. This feature removes the restriction on matching emails on Clef and WordPress accounts.


Released 2 September 2013

  • New feature: better error messages
  • Fix for FPD
  • Various bug fixes


Released 2 September 2013

  • New feature: JavaScript logout through heartbeat API


Released 30 August 2013

  • New feature: autofill setup variables
  • Changes tested WP compatibility version
  • Various bug fixes


Released 11 July 2013

  • Updated feature: instead of changing Clef-enabled users’ passwords every time they sign in to WordPress, usernames and passwords are entirely disabled for Clef accounts


Released 19 June 2013

  • New feature: single sign-off. When you sign out of your phone, you sign out of all of your WordPress sites.
  • New feature: greater password protection. If a site admin opts-in, a user’s passwords will be reset to a random 40 characters every time they sign in.


Released 26 April 2013

  • Beautified WordPress login form with Clef
  • New feature: setup wizard for easy install


Released 22 January 2013

  • Updates for Clef v2 API


Released 18 January 2013

  • Added an admin “pointer” to call out the configuration screen on new installs
  • User registration


Released 17 January 2013

  • Initial release: log in using the Clef app.

Requires: 3.6 or higher
Compatible up to: 4.6.2
Last Updated: 5 months ago
Active Installs: 1+ million


4.7 out of 5 stars


4 of 6 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

1 person says it works.
0 people say it's broken.

100,1,1 0,1,0
100,1,1 100,2,2
100,2,2 100,3,3
100,3,3 100,1,1 100,1,1
100,3,3 100,3,3
100,1,1 100,3,3 100,1,1
100,2,2 100,1,1
0,1,0 100,5,5
100,1,1 100,1,1 100,1,1
0,1,0 100,2,2
100,1,1 50,2,1 100,1,1 100,1,1
100,1,1 100,3,3