Plugin Directory

Clef Two-Factor Authentication

Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical user experience.

Is Clef for WordPress really free?

Yes. Really. Boom! And your free Clef account includes

  • unlimited users,
  • up to 10K logins per month,
  • email support,
  • and basic usage analytics.

Can existing users on my WordPress site sign in with Clef after I install the plugin?

Yes. If your users register on their Clef mobile apps using the same email address as their WordPress accounts, they can start using Clef instantly. Otherwise, they can link their WP users with their Clef accounts after logging in to the WordPress dashboard.

Also, Clef makes it easy to invite your users with optional invitation emails.

How does Clef accommodate logins for WordPress users who do not have smartphones?

The disable passwords options and secret override url provide several options for allowing password logins.

See the guide for accommodating users without smartphones for details.

What should I do if my phone is lost or stolen, or if I switch to a new phone?

  1. Deactivate your old phone.
  2. Reactivate on your new phone.

How do I create a custom login page or widget with the Clef login shortcode?

You can add the Clef Wave or the Clef “login with your phone” button by inserting the clef_render_login_button shortcode into any post, page, or text widget. See the shortcode guide for details.

How do I configure Clef for multisite networks?

If you have a subdirectory network, then no additional configuration is required.

If you have a subdomain or full domain network, then you must configure the application domain setting to allow Clef logins at multiple subdomains or domains.

How secure are Clef logins?

Very. Clef leverages the computational power of your smartphone and the proven strengths of distributed, asymmetric cryptography and multi-factor authentication to provide secure WordPress logins in a beautifully simple and easy-to-use mobile app.

When configured to disable passwords, Clef protects WordPress users against the full spectrum of password-based attacks:

  • brute-force and botnet attacks
  • weak, leaked, and recycled passwords
  • sending login credentials via an insecure (non-ssl) connection
  • password phishing attempts
  • account takeovers via email breaches

How secure is my data on Clef’s servers?

Clef’s security architecture is fully distributed, which means Clef stores no user credentials on its servers. When you use the Clef mobile app, you create a profile and a private encryption key that never leave your phone. The Clef app then uses that data to generate a unique, encrypted digital signature every time you log in. Since all of your personal info stays on your phone, nothing in the Clef database can compromise your identity even in the unlikely event that the server is hacked.

Requires: 3.5 or higher
Compatible up to: 4.3.1
Last Updated: 2 months ago
Active Installs: 600,000+


4.8 out of 5 stars


0 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?



5 people say it works.
0 people say it's broken.

100,1,1 0,1,0
100,1,1 100,2,2
100,2,2 100,3,3
100,3,3 100,1,1 100,1,1
100,3,3 100,3,3
100,1,1 100,3,3 100,1,1
100,2,2 100,1,1
0,1,0 100,5,5