Plugin Directory

Clef Two-Factor Authentication

Modern two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical login experience.

Are the Clef mobile app and WordPress plugin free?

Yes. The app is free, and Clef’s free-tier accounts allow up to 10 Clef-enabled WordPress users per site.

How do I unlock my site if I inadvertently lock myself out after disabling passwords?

Delete the /wp-content/plugins/wpclef/ folder to restore password-based access.

Can I use Clef with CloudFlare's reverse proxy and/or Web Application Firewall?

Yes, in fact we think that's a great idea, and so does CloudFlare. While you're at it, turn on CloudFlare's free SSL for even greater protection.

Can I use Clef with other WordPress security plugins?

Yes. Clef 2FA is compatible with all of the top-tier security plugins.

Can I use Clef with Web Application Firewalls such as ModSecurity?

Yes. Depending on your firewall configuration, you may need to whitelist the following:

You can verify that the logout request is passing through the firewall by sending a test request from the command line.

My Clef log out hook is not working. How do I fix it?

See "How do I fix Logout Hook errors?"

Can my existing WordPress users log in with Clef right away after I install the plugin?

Yes. If your users register on their Clef mobile apps using the same email address as their WordPress accounts, they can start using Clef instantly. Otherwise, they can link their WP users with their Clef accounts after logging in to the WordPress dashboard.

Also, the plugin makes it easy to invite your WP users to install the Clef app with optional invitation emails.

How does Clef accommodate logins for WordPress users who do not have smartphones?

The disable passwords options and secret override url provide several options for allowing password logins.

See the guide for accommodating users without smartphones for details.

What should I do if my phone is lost or stolen, or if I switch to a new phone?

  1. Deactivate your old phone.
  2. Reactivate on your new phone.

How do I create a custom login page or widget with the Clef login shortcode?

You can add the Clef Wave or the Clef “login with your phone” button by inserting the clef_render_login_button shortcode into any post, page, or text widget. See the shortcode guide for details.

How do I configure Clef for multisite networks?

If you have a subdirectory network, then no additional configuration is required.

If you have a subdomain or full domain network, then you must configure the application domain setting to allow Clef logins at multiple subdomains or domains.

How secure are Clef logins?

Very. Clef leverages the computational power of your smartphone and the proven strengths of distributed, asymmetric cryptography and multi-factor authentication to provide secure WordPress logins in a beautifully simple and easy-to-use mobile app.

When configured to disable passwords, Clef protects WordPress users against the full spectrum of password-based attacks:

  • brute-force and botnet attacks
  • weak, leaked, and recycled passwords
  • sending login credentials via an insecure (non-SSL/TLS) connection
  • phishing attempts
  • account takeovers via email breaches

How secure is my data on Clef’s servers?

Clef employs a distributed security architecture, which means Clef stores no user credentials on its servers. When you use the Clef mobile app, you create a profile and a private encryption key that never leave your phone. The Clef app then uses that data to generate a unique, encrypted digital signature every time you log in. Since all of your personal info stays on your phone, nothing in the Clef database can compromise your identity even in the unlikely event that the server is compromised.

Requires: 3.6 or higher
Compatible up to: 4.6.1
Last Updated: 2 months ago
Active Installs: 900,000+


4.7 out of 5 stars


7 of 9 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

3 people say it works.
0 people say it's broken.

100,1,1 0,1,0
100,1,1 100,2,2
100,2,2 100,3,3
100,3,3 100,1,1 100,1,1
100,3,3 100,3,3
100,1,1 100,3,3 100,1,1
100,2,2 100,1,1
0,1,0 100,5,5
100,1,1 100,1,1 100,1,1
0,1,0 100,2,2
100,1,1 50,2,1 100,1,1 100,1,1
100,1,1 100,3,3