Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical login experience.
Yes. The app is free, and Clef’s free-tier accounts allow up to 10 Clef-enabled WordPress users per site.
/wp-content/plugins/wpclef/ folder to restore password-based access.
Yes, in fact we think that's a great idea, and so does CloudFlare. While you're at it, turn on CloudFlare's free SSL for even greater protection.
Yes. Clef 2FA is compatible with all of the top-tier security plugins.
Yes. Depending on your firewall configuration, you may need to whitelist the following:
User-Agent: Clef/1.0 (https://getclef.com)
You can verify that the logout request is passing through the firewall by sending a test request from the command line.
Yes. If your users register on their Clef mobile apps using the same email address as their WordPress accounts, they can start using Clef instantly. Otherwise, they can link their WP users with their Clef accounts after logging in to the WordPress dashboard.
Also, the plugin makes it easy to invite your WP users to install the Clef app with optional invitation emails.
See the guide for accommodating users without smartphones for details.
You can add the Clef Wave or the Clef “login with your phone” button by inserting the clef_render_login_button shortcode into any post, page, or text widget. See the shortcode guide for details.
If you have a subdirectory network, then no additional configuration is required.
If you have a subdomain or full domain network, then you must configure the application domain setting to allow Clef logins at multiple subdomains or domains.
Very. Clef leverages the computational power of your smartphone and the proven strengths of distributed, asymmetric cryptography and multi-factor authentication to provide secure WordPress logins in a beautifully simple and easy-to-use mobile app.
When configured to disable passwords, Clef protects WordPress users against the full spectrum of password-based attacks:
Clef employs a distributed security architecture, which means Clef stores no user credentials on its servers. When you use the Clef mobile app, you create a profile and a private encryption key that never leave your phone. The Clef app then uses that data to generate a unique, encrypted digital signature every time you log in. Since all of your personal info stays on your phone, nothing in the Clef database can compromise your identity even in the unlikely event that the server is compromised.
Requires: 3.6 or higher
Compatible up to: 4.6.2
Last Updated: 5 months ago
Active Installs: 1+ million
4 of 6 support threads in the last two months have been marked resolved.
Got something to say? Need help?